feat: Support use of secrets for Route tls data #1547
Merged
Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
…schema Signed-off-by: Siddhesh Ghadi <sghadi1203@gmail.com>
anandf
reviewed
Sep 27, 2024
iam-veeramalla
approved these changes
Oct 1, 2024
Verified the changes locally, LGTM. Thanks @svghadi
anandf
reviewed
Oct 1, 2024
LGTM
anandf
approved these changes
Oct 1, 2024
LGTM
This was referenced Oct 28, 2024
What type of PR is this?
/kind enhancement
What does this PR do / why we need it:
Operator supports providing custom certificates for the routes using the .spec.<component>.route.tls field in ArgoCD CR. However, tls data needs to be embedded directly into ArgoCD CR as plain text using .tls.key & .tls.certificate fields, which is not a good practice from a security point of view.

This PR introduces a new field externalCertificate which can be used to reference a tls type secret for Route. The operator will read the data from the secret and populate it into route. In case of conflict where data is embedded in ArgoCD CR and also provided via secret, data from secret will be used.

Example usage:
Changes:
tls.externalCertificate field available in latest versions.
tls.externalCertificate to the Route object's tls.key and tls.certificate fields.
Secret referenced in ArgoCD CR.

Have you updated the necessary documentation?
How to test changes / Special notes to the reviewer:
Automated test
kubectl kuttl test ./tests/ocp/ --config ./tests/kuttl-tests.yaml --test 1-005_validate_route_tls
Manual test
tls.key & tls.certificate in server route. Values should be same as from the secret.
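
A check that complements this change, as an added example (not code from this PR or the operator): it scans an ArgoCD CR exported as JSON and reports every route.tls block that still embeds a private key inline instead of referencing a secret. The sample CR is constructed, and the prometheus component and the externalCertificate.name sub-field are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample: an ArgoCD CR as JSON (e.g. from `kubectl get argocd -o json`).
// Assumption: externalCertificate references the tls secret through a "name" sub-field.
const sampleCR = `{"kind": "ArgoCD", "spec": {
  "server": {"route": {"enabled": true, "tls": {
    "termination": "reencrypt",
    "key": "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)",
    "certificate": "-----BEGIN CERTIFICATE-----\n(constructed placeholder)"}}},
  "prometheus": {"route": {"enabled": true, "tls": {
    "termination": "edge",
    "externalCertificate": {"name": "prometheus-route-tls"}}}}
}}`

// findInlineTLSKeys returns the sorted paths of every route.tls block under
// spec, at any nesting depth, that embeds a private key in the CR itself.
func findInlineTLSKeys(doc []byte) ([]string, error) {
	var cr map[string]any
	if err := json.Unmarshal(doc, &cr); err != nil {
		return nil, err
	}
	var hits []string
	var walk func(path string, node any)
	walk = func(path string, node any) {
		obj, _ := node.(map[string]any) // nil map for non-objects: lookups and range are no-ops
		route, _ := obj["route"].(map[string]any)
		tls, _ := route["tls"].(map[string]any)
		if k, _ := tls["key"].(string); k != "" {
			hits = append(hits, path+".route.tls.key")
		}
		for name, child := range obj {
			walk(path+"."+name, child)
		}
	}
	walk("spec", cr["spec"])
	sort.Strings(hits)
	return hits, nil
}

func main() {
	hits, err := findInlineTLSKeys([]byte(sampleCR))
	fmt.Println(hits, err)
}
```
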