-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
replace BoringSSL with OpenSSL #191
Conversation
docs build is timing out, we should probably just make that longer: https://github.com/olix0r/kubert/actions/runs/6540496051/job/17760488340 |
CI failure for the incluster client tests with OpenSSL on k8s v1.26 is due to a timeout: https://github.com/olix0r/kubert/actions/runs/6540496054 --- looks like it just happened to hit one of the tests that was introduced in this PR 🙃 Should hopefully work on rerun although we may need to bump those timeouts. |
Co-authored-by: Oliver Gould <ver@buoyant.io>
Co-authored-by: Oliver Gould <ver@buoyant.io>
this feels less flaky in case module structure changes.
Most recent CI failure looks like a transient network connectivity issue while downloading deps: https://github.com/olix0r/kubert/actions/runs/6590434165/job/17907015902 Mind restarting it for me? |
Depends on #190
Currently, Kubert has the option to use either Rustls or BoringSSL as the TLS implementation. However, the BoringSSL feature is incomplete, as it only configures Kubert's server to use BoringSSL, while the client will still use "whatever
kube-client
is configured to use". This means that you don't really get all-BoringSSL. Meanwhile, using BoringSSL on the client-side is quite fraught without upstream support inkube-client
.Therefore, this branch rips out the
boring-tls
feature and replaces it with anopenssl-tls
feature. Now, we can ensure that the client and server use the same TLS implementation, becausekube-client
already supports OpenSSL. In addition, I've added new tests for the TLS server, and changed the CI client tests to run with both TLS clients.Closes #188