update chart manifest

Signed-off-by: josedev-union <[email protected]>

Author: josedev-union

charts/opensearch-cluster/templates/cluster.yaml

@@ -56,6 +56,9 @@ spec:
         {{- with .tls.transport.secret }}
         secret: {{ . | toYaml | nindent 10 }}
         {{- end }}
+        {{- if .tls.transport.enableHotReload }}
+        enableHotReload: {{ .tls.transport.enableHotReload }}
+        {{- end }}
       http:
         {{- if .tls.http.generate }}
         generate: {{ .tls.http.generate }}
@@ -66,6 +69,9 @@ spec:
         {{- with .tls.http.caSecret }}
         caSecret: {{ . | toYaml | nindent 10 }}
         {{- end }}
+        {{- if .tls.http.enableHotReload }}
+        enableHotReload: {{ .tls.http.enableHotReload }}
+        {{- end }}
     {{- with .config }}
     config: {{ . | toYaml | nindent 6 }}
     {{- end }}

charts/opensearch-cluster/values.yaml

@@ -323,6 +323,9 @@ cluster:
         secret: {}
 #            name: "secret-name"
 
+        # -- Enable hot reloading of TLS certificates.
+        enableHotReload: false
+
       transport:
         # -- DNs of certificates that should have admin access, mainly used for securityconfig updates via securityadmin.sh,
         # only used when existing certificates are provided
@@ -348,6 +351,8 @@ cluster:
         secret: {}
 #            name: "secret-name"
 
+        # -- Enable hot reloading of TLS certificates.
+        enableHotReload: false
 
   # Opensearch Ingress configuration
   ingress:

charts/opensearch-operator/files/opensearch.opster.io_opensearchclusters.yaml

@@ -3339,6 +3339,12 @@ spec:
                       enable:
                         description: Enable HTTPS for Dashboards
                         type: boolean
+                      enableHotReload:
+                        description: Enable hot reloading of TLS certificates. When
+                          enabled, certificates are mounted as directories instead
+                          of using subPath, allowing Kubernetes to update certificate
+                          files when secrets are updated.
+                        type: boolean
                       generate:
                         description: Generate certificate, if false secret must be
                           provided
@@ -6260,6 +6266,12 @@ spec:
                                 type: string
                             type: object
                             x-kubernetes-map-type: atomic
+                          enableHotReload:
+                            description: Enable hot reloading of TLS certificates.
+                              When enabled, certificates are mounted as directories
+                              instead of using subPath, allowing Kubernetes to update
+                              certificate files when secrets are updated.
+                            type: boolean
                           generate:
                             description: If set to true the operator will generate
                               a CA and certificates for the cluster to use, if false
@@ -6308,6 +6320,12 @@ spec:
                                 type: string
                             type: object
                             x-kubernetes-map-type: atomic
+                          enableHotReload:
+                            description: Enable hot reloading of TLS certificates.
+                              When enabled, certificates are mounted as directories
+                              instead of using subPath, allowing Kubernetes to update
+                              certificate files when secrets are updated.
+                            type: boolean
                           generate:
                             description: If set to true the operator will generate
                               a CA and certificates for the cluster to use, if false

opensearch-operator/pkg/helpers/helpers_test.go

@@ -1,7 +1,7 @@
 package helpers
 
 import (
-  	opsterv1 "github.com/Opster/opensearch-k8s-operator/opensearch-operator/api/v1"
+	opsterv1 "github.com/Opster/opensearch-k8s-operator/opensearch-operator/api/v1"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
@@ -134,31 +134,31 @@ var _ = Describe("Helper Functions", func() {
 		})
 	})
 
-  Describe("MergeConfigs mutation behavior", func() {
-    It("should merge the maps such that right is higher priority than left, and not mutate either argument when merging", func() {
-      generalConfig := map[string]string{"http.compression": "true"}
-      poolConfig := map[string]string{"node.data": "false"}
-
-      // Save a copy of the original
-      original := map[string]string{"http.compression": "true"}
-
-      // Merge and check result
-      merged := MergeConfigs(generalConfig, poolConfig)
-      expected := map[string]string{"http.compression": "true", "node.data": "false"}
-      Expect(merged).To(Equal(expected))
-
-      // Check that longLived was not mutated
-      Expect(generalConfig).To(Equal(original))
-
-      // Merge again with a new config
-      poolConfig2 := map[string]string{"node.master": "false", "http.compression": "false"}
-      expected2 := map[string]string{"http.compression": "false", "node.master": "false"}
-      merged2 := MergeConfigs(generalConfig, poolConfig2)
-      Expect(merged2).To(Equal(expected2))
-
-      // Still not mutated
-      Expect(generalConfig).To(Equal(original))
-    })
-  })
- 
+	Describe("MergeConfigs mutation behavior", func() {
+		It("should merge the maps such that right is higher priority than left, and not mutate either argument when merging", func() {
+			generalConfig := map[string]string{"http.compression": "true"}
+			poolConfig := map[string]string{"node.data": "false"}
+
+			// Save a copy of the original
+			original := map[string]string{"http.compression": "true"}
+
+			// Merge and check result
+			merged := MergeConfigs(generalConfig, poolConfig)
+			expected := map[string]string{"http.compression": "true", "node.data": "false"}
+			Expect(merged).To(Equal(expected))
+
+			// Check that longLived was not mutated
+			Expect(generalConfig).To(Equal(original))
+
+			// Merge again with a new config
+			poolConfig2 := map[string]string{"node.master": "false", "http.compression": "false"}
+			expected2 := map[string]string{"http.compression": "false", "node.master": "false"}
+			merged2 := MergeConfigs(generalConfig, poolConfig2)
+			Expect(merged2).To(Equal(expected2))
+
+			// Still not mutated
+			Expect(generalConfig).To(Equal(original))
+		})
+	})
+
 })