metrics-server: inherit TLS options from CDI TLSSecurityProfile#4033
/cc @akalenyu
fyi @Barakmor1
/retest-required
1430322 to 064785f
| // NewCdiConfigTLSWatcher crates a new cdiConfigTLSWatcher | ||
| func NewCdiConfigTLSWatcher(ctx context.Context, cdiClient cdiclient.Interface) (CdiConfigTLSWatcher, error) { | ||
| func NewCdiConfigTLSWatcher(ctx context.Context, cdiClient cdiclient.Interface) (cache.SharedIndexInformer, CdiConfigTLSWatcher, error) { |
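Review bot: the doc comment above NewCdiConfigTLSWatcher is now out of date with the signature. It still only says the function "crates a new cdiConfigTLSWatcher" (typo for "creates") and does not mention the cache.SharedIndexInformer that is now the first return value. Please fix the typo and document what the caller is expected to do with the returned informer, for example wait on its HasSynced before relying on the watcher.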
Out of curiosity, why is the additional informer output needed?
Certificate secrets creation for the apiserver and upload-proxy are dependent on the existence of the CDI CR, previously during initialization both called NewCdiConfigTLSWatcher before NewCertWatcher which provided the cache sync, having it removed (as neither cdi-operator nor cdi-deployment can make use of NewCdiConfigTLSWatcher with it) makes it so the apiserver would fail initialization once and eventually succeed as the secrets get created and populated. This change just ensures that we keep logic as close as possible to the original.
| klog.V(3).Infoln("Waiting for cache sync") | ||
| cache.WaitForCacheSync(ctx.Done(), cdiConfigInformer.HasSynced) | ||
| klog.V(3).Infoln("Cache sync complete") |
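Review bot: the bool returned by cache.WaitForCacheSync(ctx.Done(), cdiConfigInformer.HasSynced) is discarded, so "Cache sync complete" is logged even when ctx is cancelled before the informer has synced. Check the return value and, on false, return an error or exit instead of continuing with an unsynced cache.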
/retest-required
064785f to f26f013
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: akalenyu
/retest
sonar is unhappy about the duplication but I don't think it makes sense to extract the callback
I excluded cmd from the duplication checks in sonar. Good thing it is not a voting lane, but next time it won't complain.
f26f013 to 0c849e6
linter error is real fyi
0c849e6 to 45f6eea
Previously the metrics-server would be initiated with default TLS configuration. This change makes it so the TLS configuration is updated during runtime for every request according to the CDI TLSSecurityProfile.
Signed-off-by: Adi Aloni <[email protected]>
45f6eea to 865def3
/lgtm
/retest
What this PR does / why we need it:
Previously the metrics-server would be initiated with default TLS configuration. This change makes it so the TLS configuration is updated during runtime for every request according to the CDI TLSSecurityProfile.
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Partially addresses https://issues.redhat.com/browse/CNV-78858
Special notes for your reviewer:
Release note:
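An added example, not code from this PR or from CDI: one way a Go server can pick up a changing TLS profile at runtime, as the description above states, by resolving the settings in the crypto/tls GetConfigForClient callback on each handshake. profileStore and ServerTLSConfig are hypothetical names, and the profile values are constructed.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync"
)

// profileStore is a hypothetical stand-in for a watcher of the current TLS profile.
type profileStore struct {
	mu         sync.RWMutex
	minVersion uint16
	ciphers    []uint16
}

func (p *profileStore) Set(minVersion uint16, ciphers []uint16) {
	p.mu.Lock()
	defer p.mu.Unlock()
	p.minVersion, p.ciphers = minVersion, append([]uint16(nil), ciphers...)
}

func (p *profileStore) Get() (uint16, []uint16) {
	p.mu.RLock()
	defer p.mu.RUnlock()
	return p.minVersion, append([]uint16(nil), p.ciphers...)
}

// ServerTLSConfig returns a config whose GetConfigForClient callback runs on
// every handshake, so a profile change applies without restarting the server.
func ServerTLSConfig(store *profileStore, cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		GetConfigForClient: func(*tls.ClientHelloInfo) (*tls.Config, error) {
			minVersion, ciphers := store.Get()
			return &tls.Config{
				Certificates: []tls.Certificate{cert},
				MinVersion:   minVersion,
				CipherSuites: ciphers,
			}, nil
		},
	}
}

func main() {
	store := &profileStore{minVersion: tls.VersionTLS12}
	cfg := ServerTLSConfig(store, tls.Certificate{}) // empty cert: no handshake is performed here
	store.Set(tls.VersionTLS13, nil)                 // constructed profile change
	perConn, _ := cfg.GetConfigForClient(nil)
	fmt.Printf("min version now %#x\n", perConn.MinVersion)
}
```

Connections that already completed their handshake keep the settings they negotiated; only new handshakes see the updated profile. Go also ignores CipherSuites when TLS 1.3 is negotiated.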