Timothy Potter
Timothy Potter
Hi Eric, will go through this soon!
what's the timing for this? I see the jira was opened years ago, why is this needed now anyway? I'll need some time (that I don't have right now) to...
@nosvalds Is there a separate truststore.p12 file in the TLS secret? Maybe the problem here is the keystore.p12 is being used as the truststore and since it's a new cert,...
thanks Nik ... Solr is getting configured with the keystore as the truststore, which is likely the cause of the problem here (since once the new cert is loaded, it's...
The fix for this is starting to feel more like it should go into `0.6.0` vs. `0.5.1`. My initial approach for this was to not set the `SOLR_SSL_TRUST_STORE` env var...
Thank you for following up @nosvalds, glad to hear the work-around works for now.
Rather than polluting the SolrCloud & Prometheus Exporter CRDs with OIDC config settings, the operator could parse out the `wellKnownUrl` and other config from a `security.json` provided by the user...
One problem with the `bearerTokenSecret` approach is that it would require a non-expiring access token, which are generally frowned upon, but if people want to use those, I guess it's...
Will take this one up after I clean up the security code for #333
@janhoy I have a PR up for this but I'm on the fence as to whether it's worth merging? Given SolrJ doesn't support JWT, users will have to open up...