[tlse] TLS database connection #383

Merged

@stuggi stuggi commented Feb 19, 2024

The my.cnf file gets added to the secret holding the service configs. The content of my.cnf is centrally managed in the mariadb-operator and retrieved calling db.GetDatabaseClientConfig(tlsCfg)

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547

@openshift-ci openshift-ci bot requested review from lewisdenny and viroel February 19, 2024 09:23
openshift-ci bot commented Feb 19, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stuggi

@stuggi stuggi requested review from olliewalsh, dciabrin and Deydra71 and removed request for lewisdenny and viroel February 19, 2024 09:27
stuggi commented Feb 19, 2024

/test functional

@stuggi stuggi marked this pull request as draft February 19, 2024 11:41
@stuggi stuggi marked this pull request as ready for review February 19, 2024 16:53
@openshift-ci openshift-ci bot requested review from abays and lewisdenny February 19, 2024 16:53
@stuggi stuggi force-pushed the tlse_db_status branch 4 times, most recently from 5098599 to cdb8dff Compare February 21, 2024 10:06
stuggi commented Feb 22, 2024

/hold

The my.cnf file gets added to the secret holding the service configs.
The content of my.cnf is centrally managed in the mariadb-operator
and retrieved calling db.GetDatabaseClientConfig(tlsCfg)

Depends-On: openstack-k8s-operators/mariadb-operator#190
Depends-On: openstack-k8s-operators/mariadb-operator#191

Jira: OSPRH-4547
@@ -1168,12 +1121,18 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(

cmLabels := labels.GetLabels(instance, labels.GetGroupLabel(keystone.ServiceName), map[string]string{})

var tlsCfg *tls.Service
if instance.Spec.TLS.Ca.CaBundleSecretName != "" {
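Review bot: the guard `if instance.Spec.TLS.Ca.CaBundleSecretName != ""` decides on the CA bundle secret name alone whether `tlsCfg` is populated, and `tlsCfg` is left as a nil `*tls.Service` when the name is empty. The commit message says the my.cnf content comes from db.GetDatabaseClientConfig(tlsCfg), so a short comment above the `if` would help: state that a nil `tlsCfg` is an intended input to that call and that whether the DB connection actually uses TLS is decided there, not by this condition. Without it, the condition reads as if a configured CA bundle implied a TLS database connection.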
Is it possible that CaBundleSecretName is set but internal TLS is disabled?

Yes, it is possible that the CaBundleSecretName is set and internal TLS is disabled. The mariadbdatabase is reflecting if TLS should be used for the DB connection: https://github.com/openstack-k8s-operators/mariadb-operator/blob/main/controllers/mariadbdatabase_controller.go#L172. So if CaBundleSecretName is not empty, but the DB does not support TLS, https://github.com/openstack-k8s-operators/mariadb-operator/blob/main/api/v1beta1/mariadbdatabase_funcs.go#L475 does not return a my.cnf to use TLS. Does that make sense and answer the question?

@olliewalsh
/lgtm

@openshift-merge-bot openshift-merge-bot bot merged commit b1b853e into openstack-k8s-operators:main Feb 26, 2024
6 checks passed