Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

replace BoringSSL with OpenSSL #191

Merged
merged 23 commits into from
Oct 20, 2023
Merged

replace BoringSSL with OpenSSL #191

merged 23 commits into from
Oct 20, 2023

Conversation

hawkw
Copy link
Collaborator

@hawkw hawkw commented Oct 16, 2023

Depends on #190

Currently, Kubert has the option to use either Rustls or BoringSSL as the TLS implementation. However, the BoringSSL feature is incomplete, as it only configures Kubert's server to use BoringSSL, while the client will still use "whatever kube-client is configured to use". This means that you don't really get all-BoringSSL. Meanwhile, using BoringSSL on the client-side is quite fraught without upstream support in kube-client.

Therefore, this branch rips out the boring-tls feature and replaces it with an openssl-tls feature. Now, we can ensure that the client and server use the same TLS implementation, because kube-client already supports OpenSSL. In addition, I've added new tests for the TLS server, and changed the CI client tests to run with both TLS clients.

Closes #188

@hawkw
Copy link
Collaborator Author

hawkw commented Oct 16, 2023

docs build is timing out, we should probably just make that longer: https://github.com/olix0r/kubert/actions/runs/6540496051/job/17760488340

@hawkw
Copy link
Collaborator Author

hawkw commented Oct 17, 2023

CI failure for the incluster client tests with OpenSSL on k8s v1.26 is due to a timeout: https://github.com/olix0r/kubert/actions/runs/6540496054 --- looks like it just happened to hit one of the tests that was introduced in this PR 🙃

Should hopefully work on rerun although we may need to bump those timeouts.

.github/workflows/client.yml Outdated Show resolved Hide resolved
.github/workflows/client.yml Outdated Show resolved Hide resolved
deny.toml Show resolved Hide resolved
examples/Cargo.toml Outdated Show resolved Hide resolved
kubert/Cargo.toml Outdated Show resolved Hide resolved
@hawkw hawkw requested a review from olix0r October 20, 2023 17:00
@hawkw
Copy link
Collaborator Author

hawkw commented Oct 20, 2023

Most recent CI failure looks like a transient network connectivity issue while downloading deps: https://github.com/olix0r/kubert/actions/runs/6590434165/job/17907015902

Mind restarting it for me?

@hawkw hawkw merged commit daf0364 into olix0r:main Oct 20, 2023
34 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants