Support accessing to TLS enabled backends #45

Merged


amoralej (Contributor) commented Jan 17, 2025

Adds TLS configuration to interact with backend services including memcached, mariadb and other openstack services.

Prometheus will be added in a followup PR.

Depends-On: openstack-k8s-operators/ci-framework#2658


Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/6bef1476d14742ed9326434f7bf696d7

✔️ noop SUCCESS in 0s
✔️ openstack-meta-content-provider SUCCESS in 1h 34m 26s
✔️ watcher-operator-validation SUCCESS in 1h 23m 17s
watcher-operator-kuttl RETRY_LIMIT in 1h 04m 54s


This change depends on a change that failed to merge.

Change openstack-k8s-operators/ci-framework#2658 is needed.

In order to validate internal connections with TLS we need to add the
standard TLS options to the CRs. Note that it will be copied from the
top-level one to all subCRs, so it will only be exposed at the top level
of the main Watcher CRD.

This patch adds support for SSL to the Database depending on the
configuration of TLS in watcher and watcherapi spec.

By default memcached is created with TLS support by openstack operators.
This patch adds support to access memcached instance with TLS enabled.

When connecting to internal services, watcher may find they have TLS
enabled. This patch is adding the required parameter `cafile` based on
the presence of the TLS.CaBundleSecretName parameter, which defines the Secret
of the CA bundle containing the cert used for internal communications.

@amoralej changed the title from "WIP Support accessing to TLS enabled backends" to "Support accessing to TLS enabled backends" on Jan 22, 2025

This patch checks proper values of config files for TLS enablement.

@cescgina (Contributor)

/approve


openshift-ci bot commented Jan 22, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cescgina

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

viroel (Contributor) commented Jan 22, 2025

this lgtm, thanks

@raukadah (Contributor)

/lgtm

Codewise looks good.

Without this patch, tempest tests were failing with "unable to get local issuer certificate", and after applying it, we are able to run a single watcher tempest test.

@openshift-merge-bot openshift-merge-bot bot merged commit b29a0ac into openstack-k8s-operators:main Jan 23, 2025
6 checks passed