Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

increase signing key length #856

Merged
merged 1 commit into from
Dec 17, 2024
Merged

Conversation

jmazzitelli
Copy link
Contributor

No description provided.

@jmazzitelli jmazzitelli self-assigned this Dec 16, 2024
@jmazzitelli
Copy link
Contributor Author

jmazzitelli commented Dec 16, 2024

To test, push the operator dev build to a cluster and deploy Kiali, then confirm the auto-generated signing key has a length of 32 now:

(The following assumes you have OpenShift cluster with Istio installed - but you can easily test this on, say, minikube if you set CLUSTER_TYPE appropriately.)

  1. Build everything, deploy operator, install Kiali:
make build build-ui cluster-push operator-create kiali-create
  1. Confirm the signing key is the new length of 32:
kubectl get secret kiali-signing-key -n istio-system -ojsonpath='{.data.key}' | base64 -d | wc -c

That command should output "32" to indicate the signing-key string has a length of 32. You can see what the signing-key looks like via:

kubectl get secret kiali-signing-key -n istio-system -ojsonpath='{.data.key}' | base64 -d ; echo

That returns the random string that will look something like rsuYTY156qMaqrCZp7Yj8LqgUqPikV33

@jmazzitelli jmazzitelli marked this pull request as ready for review December 16, 2024 19:26
@jshaughn jshaughn self-requested a review December 16, 2024 22:37
@jshaughn jshaughn added the test: n/a PR does not need test additions or updates label Dec 16, 2024
Copy link
Contributor

@jshaughn jshaughn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed the directions and the key looks as expected:

$ kubectl get secret kiali-signing-key -n istio-system -ojsonpath='{.data.key}' | base64 -d | wc -c
32

@jmazzitelli jmazzitelli merged commit 9a3f2d5 into kiali:master Dec 17, 2024
1 check passed
@jmazzitelli jmazzitelli deleted the key-size branch December 17, 2024 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
test: n/a PR does not need test additions or updates
Projects
Development

Successfully merging this pull request may close these issues.

2 participants