Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add insecureSkipTLS flag for grpc client/server connection #5407

Closed
wants to merge 6 commits into from
Closed

Add insecureSkipTLS flag for grpc client/server connection #5407

wants to merge 6 commits into from

Conversation

aliaqel-stripe
Copy link
Contributor

@aliaqel-stripe aliaqel-stripe commented Jan 18, 2024
edited
Loading

Adds a flag called insecure-metrics-service-skip-tls-verify to both the adapter and operator to disable TLS on the GRPC connection between the two services. This flag is defaulted to false, i.e the existing behavior.

I am adding this change because we use the Envoy service mesh for TLS so we need to disable TLS in our service code in order for our proxy to handle the rest.

I could not find a specific config flag test but since I wrote this in a way that if left unset, you get existing behavior, I expect any issues to show up on the e2e tests.

I did validate in our cluster and I have the expected behavior of being able to disable TLS on both client and server and having the two connect over envoy.

Checklist

Fixes #5408

@aliaqel-stripe aliaqel-stripe force-pushed the aliaqel/add-insecure-TLS-flag-for-grpc branch from eab382e to bd9e7a6 Compare January 18, 2024 20:23
@aliaqel-stripe
Add insecureSkipTLS flag for grpc client/server connection
9f982b8 
Signed-off-by: Ali Aqel <aliaqel@stripe.com>
@aliaqel-stripe
update changelong
78fd0e8 
Signed-off-by: Ali Aqel <aliaqel@stripe.com>
@aliaqel-stripe
remove leaderelection change
84740d9 
Signed-off-by: Ali Aqel <aliaqel@stripe.com>
@aliaqel-stripe aliaqel-stripe mentioned this pull request Jan 18, 2024
Closed
3 tasks
@aliaqel-stripe aliaqel-stripe marked this pull request as ready for review January 18, 2024 20:57
@aliaqel-stripe aliaqel-stripe requested a review from a team as a code owner January 18, 2024 20:57
zroubalik
zroubalik reviewed Jan 18, 2024
View reviewed changes
CHANGELOG.md Outdated Show resolved Hide resolved
cmd/adapter/main.go Outdated Show resolved Hide resolved
cmd/adapter/main.go Outdated Show resolved Hide resolved
cmd/operator/main.go Outdated Show resolved Hide resolved
aliaqel-stripe and others added 3 commits January 18, 2024 21:17
@aliaqel-stripe
update for pr comments
dc9747f 
Signed-off-by: Ali Aqel <aliaqel@stripe.com>
@aliaqel-stripe
move flag up
3e85582 
Signed-off-by: Ali Aqel <aliaqel@stripe.com>
@aliaqel-stripe
Merge branch 'main' into aliaqel/add-insecure-TLS-flag-for-grpc
9bf7a71
@JorTurFer JorTurFer mentioned this pull request Jan 19, 2024
Closed
25 tasks
@aliaqel-stripe
Copy link
Contributor Author

Found a way to do this without needing to disable TLS

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zroubalik zroubalik zroubalik left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add flag in Adapter and Operator to disable TLS on the GRPC connection
2 participants
@aliaqel-stripe @zroubalik