Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tls: executing pod termination (PROJQUAY-2428) #517

Merged
merged 1 commit into from
Sep 17, 2021
Merged

tls: executing pod termination (PROJQUAY-2428) #517

merged 1 commit into from
Sep 17, 2021

Conversation

ricardomaraschini
Copy link
Contributor

@ricardomaraschini ricardomaraschini commented Sep 8, 2021
edited
Loading

If TLS is unmanaged we expect the user to provide its own cert and key.
This PR changes the route to 'passthrough' and mounts the certificates
inside quay pod if TLS is unmanaged.

crozzy
crozzy reviewed Sep 14, 2021
View reviewed changes
Copy link

@crozzy crozzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just one question

pkg/middleware/middleware.go
}
if quayComponentLabel == "quay-app-route" {
rt.Spec.Port = &route.RoutePort{
TargetPort: intstr.Parse("https"),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I 100% understand this, intstr.Parse() is going to create an object whose String() method will return "https" and whose IntValue() method will return 0?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it is a struct (intstr.IntOrString) used by k8s when a field may be an int or a string (like the port).

jonathankingfc
jonathankingfc reviewed Sep 16, 2021
View reviewed changes
pkg/kustomize/secrets.go
fieldGroup := &hostsettings.HostSettingsFieldGroup{
ExternalTlsTermination: true,
ExternalTlsTermination: terminateExternally,
PreferredUrlScheme: "https",
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this also be switched on whether or not we are terminating externally?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As we checked, it seems like we don't need it to be switched to http.

@ricardomaraschini
tls: executing pod termination (PROJQUAY-2428)
2fa2f8c 
If TLS is unmanaged we expect the user to provide its own cert and key.
This PR changes the route to 'passthrough' and mounts the certificates
inside quay pod if TLS is unmanaged.
jonathankingfc
jonathankingfc approved these changes Sep 17, 2021
View reviewed changes
Copy link
Collaborator

@jonathankingfc jonathankingfc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jonathankingfc jonathankingfc merged commit be0f36f into quay:master Sep 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crozzy crozzy crozzy left review comments

@jonathankingfc jonathankingfc jonathankingfc approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ricardomaraschini @crozzy @jonathankingfc