Add cluster option "useHttps"

Issue: ytsaurus#285

api/v1/ytsaurus_types.go

@@ -527,6 +527,11 @@ type CommonSpec struct {
 	//+optional
 	NativeTransport *RPCTransportSpec `json:"nativeTransport,omitempty"`
 
+	// Use HTTPS for HTTP API calls.
+	//+kubebuilder:default:=false
+	//+optional
+	UseHTTPS bool `json:"useHttps"`
+
 	// Allow prioritizing performance over data safety. Useful for tests and experiments.
 	//+kubebuilder:default:=false
 	//+optional

config/crd/bases/cluster.ytsaurus.tech_remoteexecnodes.yaml

@@ -1169,6 +1169,10 @@ spec:
                       type: string
                   type: object
                 type: array
+              useHttps:
+                default: false
+                description: Use HTTPS for HTTP API calls.
+                type: boolean
               useIpv4:
                 default: false
                 type: boolean

config/crd/bases/cluster.ytsaurus.tech_ytsaurus.yaml

@@ -33585,6 +33585,10 @@ spec:
                 - ExecNodesOnly
                 - Everything
                 type: string
+              useHttps:
+                default: false
+                description: Use HTTPS for HTTP API calls.
+                type: boolean
               useIpv4:
                 default: false
                 type: boolean

docs/api.md

@@ -236,6 +236,7 @@ _Appears in:_
 | `jobImage` _string_ | Default docker image for user jobs. |  |  |
 | `caBundle` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | Reference to ConfigMap with trusted certificates: "ca.crt". |  |  |
 | `nativeTransport` _[RPCTransportSpec](#rpctransportspec)_ | Common config for native RPC bus transport. |  |  |
+| `useHttps` _boolean_ | Use HTTPS for HTTP API calls. | false |  |
 | `ephemeralCluster` _boolean_ | Allow prioritizing performance over data safety. Useful for tests and experiments. | false |  |
 | `useIpv6` _boolean_ |  | false |  |
 | `useIpv4` _boolean_ |  | false |  |
@@ -1084,6 +1085,7 @@ _Appears in:_
 | `jobImage` _string_ | Default docker image for user jobs. |  |  |
 | `caBundle` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | Reference to ConfigMap with trusted certificates: "ca.crt". |  |  |
 | `nativeTransport` _[RPCTransportSpec](#rpctransportspec)_ | Common config for native RPC bus transport. |  |  |
+| `useHttps` _boolean_ | Use HTTPS for HTTP API calls. | false |  |
 | `ephemeralCluster` _boolean_ | Allow prioritizing performance over data safety. Useful for tests and experiments. | false |  |
 | `useIpv6` _boolean_ |  | false |  |
 | `useIpv4` _boolean_ |  | false |  |
@@ -1597,6 +1599,7 @@ _Appears in:_
 | `jobImage` _string_ | Default docker image for user jobs. |  |  |
 | `caBundle` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#localobjectreference-v1-core)_ | Reference to ConfigMap with trusted certificates: "ca.crt". |  |  |
 | `nativeTransport` _[RPCTransportSpec](#rpctransportspec)_ | Common config for native RPC bus transport. |  |  |
+| `useHttps` _boolean_ | Use HTTPS for HTTP API calls. | false |  |
 | `ephemeralCluster` _boolean_ | Allow prioritizing performance over data safety. Useful for tests and experiments. | false |  |
 | `useIpv6` _boolean_ |  | false |  |
 | `useIpv4` _boolean_ |  | false |  |

pkg/components/chyt.go

@@ -105,7 +105,7 @@ func (c *Chyt) createInitScript() string {
 func (c *Chyt) createInitChPublicScript() string {
 	script := []string{
 		initJobPrologue,
-		fmt.Sprintf("export YT_PROXY=%v CHYT_CTL_ADDRESS=%v YT_LOG_LEVEL=debug", c.cfgen.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole), c.cfgen.GetStrawberryControllerServiceAddress()),
+		fmt.Sprintf("export YT_PROXY=%v CHYT_CTL_ADDRESS=%v YT_LOG_LEVEL=debug", c.cfgen.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole), c.cfgen.GetStrawberryControllerServiceAddress()),
 		"yt create scheduler_pool --attributes '{name=chyt; pool_tree=default}' --ignore-existing",
 		"yt clickhouse ctl create ch_public || true",
 		"yt clickhouse ctl set-option --alias ch_public pool chyt",
@@ -165,7 +165,7 @@ func (c *Chyt) doSync(ctx context.Context, dry bool) (ComponentStatus, error) {
 		container.Env = []corev1.EnvVar{
 			{
 				Name:  "YT_PROXY",
-				Value: c.cfgen.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole),
+				Value: c.cfgen.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole),
 			},
 			{
 				Name:  "YT_TOKEN",

pkg/components/spyt.go

@@ -131,7 +131,7 @@ func (s *Spyt) doSync(ctx context.Context, dry bool) (ComponentStatus, error) {
 		container.Env = []corev1.EnvVar{
 			{
 				Name:  "YT_PROXY",
-				Value: s.cfgen.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole),
+				Value: s.cfgen.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole),
 			},
 			{
 				Name:  "YT_TOKEN",

pkg/components/ytsaurus_client.go

@@ -376,6 +376,7 @@ func (yc *YtsaurusClient) doSync(ctx context.Context, dry bool) (ComponentStatus
 		}
 		yc.ytClient, err = ythttp.NewClient(&yt.Config{
 			Proxy:                 proxy,
+			UseTLS:                yc.cfgen.UseHTTPS(),
 			Token:                 token,
 			LightRequestTimeout:   &timeout,
 			DisableProxyDiscovery: disableProxyDiscovery,

pkg/ytconfig/generator.go

@@ -310,7 +310,7 @@ func (g *Generator) GetClusterConnection() ([]byte, error) {
 
 func (g *Generator) GetStrawberryControllerConfig() ([]byte, error) {
 	c := getStrawberryController()
-	proxy := g.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole)
+	proxy := g.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole)
 	c.LocationProxies = []string{proxy}
 	c.HTTPLocationAliases = map[string][]string{
 		proxy: []string{g.ytsaurus.Name},
@@ -320,7 +320,7 @@ func (g *Generator) GetStrawberryControllerConfig() ([]byte, error) {
 
 func (g *Generator) GetChytInitClusterConfig() ([]byte, error) {
 	c := getChytInitCluster()
-	c.Proxy = g.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole)
+	c.Proxy = g.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole)
 	return marshallYsonConfig(c)
 }
 
@@ -682,7 +682,7 @@ func (g *Generator) GetUIClustersConfig() ([]byte, error) {
 	c := getUIClusterCarcass()
 	c.ID = g.ytsaurus.Name
 	c.Name = g.ytsaurus.Name
-	c.Proxy = g.GetHTTPProxiesAddress(consts.DefaultHTTPProxyRole)
+	c.Proxy = g.GetHTTPProxyUrl(consts.DefaultHTTPProxyRole)
 	c.PrimaryMaster.CellTag = g.ytsaurus.Spec.PrimaryMasters.CellTag
 
 	c.Theme = g.ytsaurus.Spec.UI.Theme

pkg/ytconfig/names.go

@@ -118,6 +118,19 @@ func (g *Generator) GetHTTPProxiesAddress(role string) string {
 		g.GetHTTPProxiesServiceName(role),
 		g.ytsaurus.Namespace,
 		g.clusterDomain)
+
+}
+
+func (g *Generator) UseHTTPS() bool {
+	return g.commonSpec.UseHTTPS
+}
+
+func (g *Generator) GetHTTPProxyUrl(role string) string {
+	schema := ""
+	if g.commonSpec.UseHTTPS {
+		schema = "https://"
+	}
+	return schema + g.GetHTTPProxiesAddress(role)
 }
 
 func (g *Generator) GetSchedulerStatefulSetName() string {

ytop-chart/templates/remoteexecnodes-crd.yaml

@@ -1151,6 +1151,10 @@ spec:
                       type: string
                   type: object
                 type: array
+              useHttps:
+                default: false
+                description: Use HTTPS for HTTP API calls.
+                type: boolean
               useIpv4:
                 default: false
                 type: boolean

ytop-chart/templates/ytsaurus-crd.yaml

@@ -33372,6 +33372,10 @@ spec:
                 - ExecNodesOnly
                 - Everything
                 type: string
+              useHttps:
+                default: false
+                description: Use HTTPS for HTTP API calls.
+                type: boolean
               useIpv4:
                 default: false
                 type: boolean