Simplify Docker SSL handling #2227

Merged on Jun 14, 2024 (5 commits)

williamjallen
Collaborator

@williamjallen williamjallen commented May 29, 2024

CDash currently requires SSL/TLS by default when using our production image. While useful for Docker Compose-based systems, this is a major pain point for k8s systems which handle TLS termination at ingress. See #2179, for example. This PR aims to ease these pains by conditionally enabling SSL/TLS if certificates are provided, in preparation for upcoming work to better support k8s-based deployments.

Fixes #2179.

@williamjallen williamjallen added this to the v3.5 milestone May 29, 2024
@williamjallen
Collaborator Author

@zackgalbreath While the goal was to assist my Helm chart work, this is still very much a draft and I suspect that this may overlap with your work with the UBI image deployment. Feel free to push changes to this PR if you have any suggestions.

@williamjallen
Collaborator Author

The tests require the exposed port in the dev environment to match inside & outside the container, in addition to the issues observed by @zackgalbreath with the UBI image. As a result, I switched the port back to 8080.

@zackgalbreath does this resolve the health check issue, or are the certificates the issue?

@zackgalbreath
Contributor

> @zackgalbreath does this resolve the health check issue, or are the certificates the issue?

The containers spin up successfully but the healthcheck issue remains. Reproducing this manually, the relevant error message is:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

@williamjallen
Collaborator Author

An alternative approach might be to simply ping both http://cdash:8080 and https://cdash:8080, and return true if either of them returned a 200.
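
The dual-scheme health check described in the comment above, as an added example that is not part of this pull request or of CDash's code. The names `probe`, `is_healthy` and `ca_file` are hypothetical; the host `cdash` and port 8080 come from the comment. TLS verification is left enabled, so a deployment with a private CA passes its bundle instead of disabling the check.

```python
import http.client
import ssl
import sys
import urllib.error
import urllib.request


def probe(url, ca_file=None, timeout=3.0):
    """Return the HTTP status code for url, or None if no HTTP response arrived."""
    # Ignore proxy environment variables: the check must reach the service directly.
    handlers = [urllib.request.ProxyHandler({})]
    if url.startswith("https://"):
        # Certificate verification stays enabled; ca_file (hypothetical parameter)
        # lets the check trust a private CA instead of turning verification off.
        context = ssl.create_default_context(cafile=ca_file)
        handlers.append(urllib.request.HTTPSHandler(context=context))
    opener = urllib.request.build_opener(*handlers)
    try:
        with opener.open(url, timeout=timeout) as response:
            return response.status
    except urllib.error.HTTPError as exc:
        # A real HTTP answer that is not a success, such as the 400 returned
        # when plain HTTP is sent to an SSL-enabled port.
        return exc.code
    except (urllib.error.URLError, http.client.HTTPException, OSError):
        # Refused connection, timeout, failed TLS handshake or failed verification.
        return None


def is_healthy(host, port, ca_file=None, timeout=3.0):
    """Probe both schemes on one port; healthy if either one answers 200."""
    results = {
        scheme: probe(f"{scheme}://{host}:{port}/", ca_file, timeout)
        for scheme in ("http", "https")
    }
    return any(code == 200 for code in results.values()), results


if __name__ == "__main__":
    # "cdash" and 8080 are the host and port named in the comment above.
    healthy, results = is_healthy("cdash", 8080)
    print(results)
    sys.exit(0 if healthy else 1)
```

The per-scheme results are returned alongside the verdict so that a failing check shows whether the cause was a scheme mismatch (a 400 on the plain HTTP probe) or no response at all.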

@williamjallen williamjallen marked this pull request as ready for review June 12, 2024 17:51
@zackgalbreath zackgalbreath added this pull request to the merge queue Jun 14, 2024
Merged via the queue into Kitware:master with commit 4bdca5b Jun 14, 2024
6 checks passed
@williamjallen williamjallen deleted the production-over-http branch June 14, 2024 15:52
Successfully merging this pull request may close these issues.

Can't use the new CDash docker images without TLS