Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add TLS support for status service #215

Merged
merged 9 commits into from
Jun 17, 2024
Merged

add TLS support for status service #215

merged 9 commits into from
Jun 17, 2024

Conversation

nikitka
Copy link
Contributor

@nikitka nikitka commented Jun 13, 2024

I hereby agree to the terms of the CLA available at: https://yandex.ru/legal/cla/?lang=en

Add support for Service.Status.TLSConfiguration for Storage and Database object.

Pull request type

Please check the type of change your PR introduces:

  • Bugfix
  • Feature
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • Documentation content changes
  • Other (please describe):

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

kobzonega
kobzonega reviewed Jun 13, 2024
View reviewed changes
internal/resources/database_statefulset.go Outdated
@@ -168,6 +168,36 @@ func (b *DatabaseStatefulSetBuilder) buildVolumes() []corev1.Volume {
volumes = append(volumes, buildTLSVolume(interconnectTLSVolumeName, b.Spec.Service.Interconnect.TLSConfiguration))
}

if b.Spec.Service.Status.TLSConfiguration.Enabled {
volumes = append(volumes,
// No CA here
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should use buildTLSVolume here. In case of user hasn't CA file he may set it to just cert file

internal/resources/storage_statefulset.go Outdated
@@ -212,6 +212,36 @@ func (b *StorageStatefulSetBuilder) buildVolumes() []corev1.Volume {
volumes = append(volumes, buildTLSVolume(interconnectTLSVolumeName, b.Spec.Service.Interconnect.TLSConfiguration))
}

if b.Spec.Service.Status.TLSConfiguration.Enabled {
volumes = append(volumes,
// No CA here
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the same as database_statefulset.go, use buildTLSVolume here

@nikitka nikitka force-pushed the status-tls branch 2 times, most recently from 3b02f60 to 32c4f4b Compare June 14, 2024 15:33
@nikitka nikitka added the ok-to-test Testing pipelines will run label Jun 14, 2024
@github-actions github-actions bot removed the ok-to-test Testing pipelines will run label Jun 14, 2024
@nikitka nikitka added ok-to-test Testing pipelines will run and removed ok-to-test Testing pipelines will run labels Jun 14, 2024
@nikitka nikitka marked this pull request as ready for review June 17, 2024 07:45
@nikitka nikitka merged commit 088245e into ydb-platform:master Jun 17, 2024
15 of 21 checks passed
kobzonega pushed a commit to kobzonega/ydb-kubernetes-operator that referenced this pull request Jun 25, 2024
@nikitka @kobzonega
add TLS support for status service (ydb-platform#215)
29ada6b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kobzonega kobzonega kobzonega approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nikitka @kobzonega