working with caBundle as env variable oneline base64 string (#164)

* working with caBundle as base64 oneline string

* fix lint

* trigger GitHub actions

* bump chart version

Author: kobzonega

api/v1alpha1/database_types.go

@@ -103,7 +103,7 @@ type DatabaseSpec struct {
 	// User-defined root certificate authority that is added to system trust
 	// store of Storage pods on startup.
 	// +optional
-	CABundle []byte `json:"caBundle,omitempty"`
+	CABundle string `json:"caBundle,omitempty"`
 
 	// Secret names that will be mounted into the well-known directory of
 	// every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`

api/v1alpha1/storage_types.go

@@ -84,7 +84,7 @@ type StorageSpec struct {
 	// User-defined root certificate authority that is added to system trust
 	// store of Storage pods on startup.
 	// +optional
-	CABundle []byte `json:"caBundle,omitempty"`
+	CABundle string `json:"caBundle,omitempty"`
 
 	// Secret names that will be mounted into the well-known directory of
 	// every storage pod. Directory: `/opt/ydb/secrets/<secret_name>/<secret_key>`

api/v1alpha1/zz_generated.deepcopy.go

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.35
+version: 0.4.36
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.4.35"
+appVersion: "0.4.36"

deploy/ydb-operator/Chart.yaml

@@ -229,7 +229,7 @@ func (b *DatabaseStatefulSetBuilder) buildCaStorePatchingInitContainer() corev1.
 		container.Env = []corev1.EnvVar{
 			{
 				Name:  caBundleEnvName,
-				Value: string(b.Spec.CABundle),
+				Value: b.Spec.CABundle,
 			},
 		}
 	}
@@ -490,7 +490,7 @@ func (b *DatabaseStatefulSetBuilder) buildCaStorePatchingInitContainerArgs() ([]
 	arg := ""
 
 	if len(b.Spec.CABundle) > 0 {
-		arg += fmt.Sprintf("echo $%s > %s/%s && ", caBundleEnvName, localCertsDir, caBundleFileName)
+		arg += fmt.Sprintf("printf $%s | base64 --decode > %s/%s && ", caBundleEnvName, localCertsDir, caBundleFileName)
 	}
 
 	if b.Spec.Service.GRPC.TLSConfiguration.Enabled {

internal/resources/database_statefulset.go

@@ -254,7 +254,7 @@ func (b *StorageStatefulSetBuilder) buildCaStorePatchingInitContainer() corev1.C
 		container.Env = []corev1.EnvVar{
 			{
 				Name:  caBundleEnvName,
-				Value: string(b.Spec.CABundle),
+				Value: b.Spec.CABundle,
 			},
 		}
 	}
@@ -427,7 +427,7 @@ func (b *StorageStatefulSetBuilder) buildCaStorePatchingInitContainerArgs() ([]s
 	arg := ""
 
 	if len(b.Spec.CABundle) > 0 {
-		arg += fmt.Sprintf("echo $%s > %s/%s && ", caBundleEnvName, localCertsDir, caBundleFileName)
+		arg += fmt.Sprintf("printf $%s | base64 --decode > %s/%s && ", caBundleEnvName, localCertsDir, caBundleFileName)
 	}
 
 	if IsGrpcSecure(b.Storage) {