feat: validator: Load TLS configuration from ConfigMap #1119
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kubevirt-bot
added
the
release-note-none
kubevirt-bot
added
the
dco-signoff: yes
akrejcir
force-pushed
the
validator-tls-config-map
branch
from
874c9bc to
520ceb4
Compare
|
@akrejcir Is it simialr to the implementation as in |
|
It is exactly the same package. I've mentioned it in the commit message: 3b2e200 Do you mean that SSP should import |
0xFelix
reviewed
Nov 4, 2024
akrejcir
force-pushed
the
validator-tls-config-map
branch
from
520ceb4 to
6ef7c2f
Compare
0xFelix
reviewed
Nov 5, 2024
akrejcir
force-pushed
the
validator-tls-config-map
branch
from
6ef7c2f to
d1bdb12
Compare
0xFelix
reviewed
Nov 8, 2024
0xFelix
reviewed
Nov 15, 2024
akrejcir
force-pushed
the
validator-tls-config-map
branch
from
d1bdb12 to
d5336fd
Compare
These methods are not used from outside the package. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
Do not create or use the struct when using HTTP. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
This package was copied directly from vm-console-proxy: https://github.com/kubevirt/vm-console-proxy/tree/main/pkg/filewatch In a future commit, it will replace file watch logic in internal/template-validator/tlsinfo. We do this to simplify watching multiple directories with TRS certificate and TLS configuration. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
Runs all callbacks before processing watch events. This means that callbacks will have a change to notice the files after the watch was started, but no events happened yet. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
Using the filewatch package in template validator will make it easier to watch multiple directories in a future commit. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
The GetClientConfig() will be used in future commit to set TLS options. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
The TLS configuration is read from a ConfigMap that is mounted as a file. This allows updating the configuration without restarting the pod. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
This will make it easier to modify the tests in future commit. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
0xFelix
reviewed
Nov 19, 2024
Check TLS policy of template validator pod. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
akrejcir
force-pushed
the
validator-tls-config-map
branch
from
d5336fd to
a369026
Compare
|
|
/retest |
1 similar comment
|
/retest |
|
Nothing to comment from my site. The PR looks great. Nice job! |
codingben
reviewed
Nov 25, 2024
0xFelix
approved these changes
Nov 25, 2024
kubevirt-bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: 0xFelix The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/unhold |
kubevirt-bot
removed
the
do-not-merge/hold
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This PR moves the TLS configuration of
template-validatorto a ConfigMap. It is mounded as a file in the pod, and validator is able to update its configuration without restarting the pod.Which issue(s) this PR fixes:
Jira: https://issues.redhat.com/browse/CNV-28716
Release note: