Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support TLS for watcher-api #57

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Support TLS for watcher-api #57

wants to merge 4 commits into from

Conversation

cescgina
Copy link
Contributor

@cescgina cescgina commented Jan 31, 2025
edited
Loading

Support TLS for watcher-api. This patch follows the same approach that
openstack-operator uses. The intention is to duplicate some of the openstack-operator
code here temporarily until watcher-operator is integrated.

To use TLS in watcher-operator the user needs to previously create the certifcates, and pass the secret names for the certs for the route and the services (if TLS to pod level is desired).

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 31, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jan 31, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from cescgina. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f058f22970a2470aa5ae33a44f3ccfe7

✔️ noop SUCCESS in 0s
✔️ openstack-meta-content-provider SUCCESS in 1h 42m 31s
watcher-operator-validation FAILURE in 1h 18m 41s
watcher-operator-kuttl FAILURE in 44m 24s

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/f1f5b6ddd3dc433f82ad5f46854ba12c

✔️ noop SUCCESS in 0s
✔️ openstack-meta-content-provider SUCCESS in 1h 38m 06s
watcher-operator-validation FAILURE in 1h 26m 23s
watcher-operator-kuttl FAILURE in 53m 10s

@cescgina
Support TLS in watcher-operator
e35aa2a 
Duplicate the TLS support code in openstack-operator for TLS support in
watcher-operator before it's integrated. This will support TLS to the
pod level, but only using certificates pre-created.
@cescgina
Validate TLS input
4f140a2 
Validate the TLS input. Check that when passed, the secret containing
certs contain the right fields. Also, check the input corresponds to
a valid TLS mode, e.g. when the user has set the secrets to configure
PodLevel TLS, ensure that the secret to configure Ingress TLS is also
set.
@cescgina
Ensure Routes are deleted if not needed
f6ae66b 
If the user exposes the public endpoint via a MetalLB service, ensure
the created route is deleted.
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/8ea6359c3d8942938e00d033bae2a9c4

✔️ noop SUCCESS in 0s
✔️ openstack-meta-content-provider SUCCESS in 1h 37m 20s
watcher-operator-validation FAILURE in 1h 25m 07s
watcher-operator-kuttl FAILURE in 44m 12s

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/7ead74eeee8947e5a95b8d68fad8eafa

✔️ noop SUCCESS in 0s
✔️ openstack-meta-content-provider SUCCESS in 1h 34m 09s
✔️ watcher-operator-validation SUCCESS in 1h 22m 13s
watcher-operator-kuttl FAILURE in 45m 17s

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cescgina @openshift-merge-robot