From 401cbb3a728a761a6b0b2fa93a553191225bdd58 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mois=C3=A9s=20Calzado?=
<56086628+moicalcob@users.noreply.github.com>
Date: Tue, 9 Jul 2024 09:47:33 +0200
Subject: [PATCH] Allow using big files in the tenant requirements checker
(#523)
* Change memory limit for tenantRequirementsChecker
* Update readme.md
* Allow using big files in the tenant requirements checker
* Update split postgres cert
* encode postgres ca
* Last changes
* Change comment
---------
Co-authored-by: alvarorm22 <alvarorm22@gmail.com>
---
chart/templates/_commonChecks.tpl | 39 ++++++++++++++++++++++++++-----
1 file changed, 33 insertions(+), 6 deletions(-)
diff --git a/chart/templates/_commonChecks.tpl b/chart/templates/_commonChecks.tpl
index 2c1f1e1c..ba767e23 100644
--- a/chart/templates/_commonChecks.tpl
+++ b/chart/templates/_commonChecks.tpl
@@ -47,9 +47,18 @@ Return common collectors for preflights and support-bundle
# Transform the variables in files
for PREFIX in $PREFIXES; do
FILE_PATH=$(env | grep ${PREFIX}__FILE_PATH | awk -F= '{print $2}')
- FILE_CONTENT_VAR="${PREFIX}__FILE_CONTENT"
- FILE_CONTENT=$(eval "echo \$$FILE_CONTENT_VAR")
- echo "$FILE_CONTENT" | base64 -d > "$FILE_PATH"
+ FILE_CONTENT=""
+ if [ "$(env | grep -c "${PREFIX}__FILE_CONTENT")" -eq 1 ]; then
+ FILE_CONTENT_VAR="${PREFIX}__FILE_CONTENT"
+ FILE_CONTENT=$(eval "echo \$$FILE_CONTENT_VAR")
+ echo "$FILE_CONTENT" | base64 -d > "$FILE_PATH"
+ else
+ # The file is divided in multiple variables, we need to concatenate them
+ for VAR_NAME in $(env | grep "${PREFIX}__FILE_CONTENT" | awk -F= '{print $1}' | sort -V); do
+ FILE_CONTENT="${FILE_CONTENT}$(eval "echo \$$VAR_NAME")"
+ done
+ echo "$FILE_CONTENT" | base64 -d > "$FILE_PATH"
+ fi
done
env:
{{- if not .Values.commonBackendServiceAccount.enableGCPWorkloadIdentity }}
@@ -65,8 +74,8 @@ Return common collectors for preflights and support-bundle
{{- end }}
{{- end }}
{{- if and .Values.externalPostgresql.sslEnabled .Values.externalPostgresql.sslCA }}
- - name: POSTGRES_SSL_CA__FILE_CONTENT
- value: {{ .Values.externalPostgresql.sslCA | b64enc | quote }}
+ {{/* We need to split the SSL CA content in chunks of 10000 characters */}}
+ {{- include "carto.tenantRequirementsChecker.externalPostgresql.sslCA" . }}
- name: POSTGRES_SSL_CA__FILE_PATH
value: {{ include "carto.postgresql.configMapMountAbsolutePath" . }}
{{- end }}
@@ -402,7 +411,7 @@ Return customer values to use in preflights and support-bundle
value: {{ include "carto.postgresql.user" . }}
- name: WORKSPACE_POSTGRES_SSL_ENABLED
value: {{ .Values.externalPostgresql.sslEnabled | quote }}
- {{- if and .Values.externalPostgresql.sslEnabled .Values.externalPostgresql.sslCA }}
+ {{- if and .Values.externalPostgresql.sslEnabled .Values.externalPostgresql.sslCA }}
- name: WORKSPACE_POSTGRES_SSL_CA
value: {{ include "carto.postgresql.configMapMountAbsolutePath" . }}
{{- end }}
@@ -510,3 +519,21 @@ Return customer secrets to use in preflights and support-bundle
"WORKSPACE_IMPORTS_STORAGE_ACCESSKEY"
) "context" $ ) }}
{{- end -}}
+
+
+{{ define "carto.tenantRequirementsChecker.externalPostgresql.sslCA" }}
+ {{- $value := .Values.externalPostgresql.sslCA -}}
+ {{- $maxLength := 10000 -}}
+ {{- if gt (len $value) $maxLength -}}
+ {{- $neededChunks := int (div (len $value) $maxLength | ceil) -}}
+ {{- range $i, $chunk := until (add $neededChunks 1 | int) -}}
+ {{- $envVarName := printf "POSTGRES_SSL_CA__FILE_CONTENT_%02d" (add $i 1) }}
+ {{- $chunk := substr (mul $i $maxLength | int) (mul (add $i 1) $maxLength | int) $value }}
+ - name: {{$envVarName}}
+ value: {{ $chunk | b64enc }}
+ {{- end -}}
+ {{- else -}}
+ - name: POSTGRES_SSL_CA__FILE_CONTENT
+ {{ printf "value: %s" ($value | b64enc | quote) | indent 12 }}
+ {{- end -}}
+{{ end }}