Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: TLS communication between the operator and the instance manager #4442

Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

feat: TLS communication between the operator and the instance manager #4442

wants to merge 18 commits into from

Conversation

mnencia
Copy link
Member

@mnencia mnencia commented May 6, 2024
edited

Closes #4441

@github-actions github-actions bot added backport-requested ◀️ This pull request should be backported to all supported releases release-1.21 release-1.22 release-1.23 labels May 6, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 6, 2024

❗ By default, the pull request is configured to backport to all release branches.

  • To stop backporting this pr, remove the label: backport-requested ◀️ or add the label 'do not backport'
  • To stop backporting this pr to a certain release branch, remove the specific branch label: release-x.y

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 6, 2024

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

@github-actions GitHub Actions
Copy link
Contributor

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

1 similar comment
@github-actions GitHub Actions
Copy link
Contributor

Build Error! No Linked Issue found. Please link an issue or mention it in the body using #<issue_id>

@mnencia
Copy link
Member Author

mnencia commented May 22, 2024

E2E tests running on EDB fork https://github.com/EnterpriseDB/cloudnative-pg/actions/runs/9192103205

@mnencia mnencia marked this pull request as ready for review May 22, 2024 15:23
@mnencia mnencia requested a review from a team as a code owner May 22, 2024 15:23
@mnencia
Copy link
Member Author

mnencia commented May 22, 2024

/ok-to-merge E2E tests are green

@cnpg-bot cnpg-bot added the ok to merge 👌 This PR can be merged label May 22, 2024
jsilvela
jsilvela reviewed May 23, 2024
View reviewed changes
pkg/specs/pods.go Outdated Show resolved Hide resolved
jsilvela
jsilvela reviewed May 23, 2024
View reviewed changes
Copy link
Collaborator

@jsilvela jsilvela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems we're always going to try to use HTTPS.
See

podSpec := CreateClusterPodSpec(podName, cluster, envConfig, gracePeriod, true)

I thought this was supposed to be an option, and possibly and opt-in type of thing?

pkg/specs/pods.go Outdated Show resolved Hide resolved
@mnencia
Copy link
Member Author

mnencia commented May 23, 2024

It seems we're always going to try to use HTTPS.

That's correct. The conditional part is only for supporting Online Upgrades.

mnencia
mnencia commented May 23, 2024
View reviewed changes
docs/src/security.md Outdated Show resolved Hide resolved
@litaocdl
Copy link
Collaborator

run e2e here: https://github.com/EnterpriseDB/cloudnative-pg/actions/runs/9281563495

@mnencia mnencia force-pushed the dev/4441 branch 2 times, most recently from 13d351d to f97dd54 Compare May 30, 2024 08:13
@mnencia mnencia added the do not merge 🙅 This PR cannot be merged (yet) label May 30, 2024
@mnencia
Copy link
Member Author

mnencia commented May 30, 2024
edited

I don't know if we want to backport this pull request. I would like to have an additional review from @fcanovai and know his opinion. Until we have it, please do not merge the patch.

mnencia and others added 18 commits May 30, 2024 16:16
@mnencia
feat: TLS communication between the operator and the instance manager
05f75d2 
Closes #4441

Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
chore: Detect the TLS status instead of always falling back
9f8380a 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@armru @mnencia
chore: encapsulate tls generation
b4e5cc2 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@armru @mnencia
fix: upgradeInstanceManager
96a18a7 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@armru @mnencia
chore: set timeouts
9e31794 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@armru @mnencia
chore: encapsulate GetStatusSchemeFromPod usage
159568e 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@armru @mnencia
refactor: encapsulate tls context logic
4c36d2c 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@mnencia
fix: load certificate on restart
4f01ba6 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
fix: do not recreate the pods on online upgrade
a4681da 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
chore: fix include
ed7ea1e 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
chore: add missing docstring
f40033a 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
chore: ports are int32
ce57bf1 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@mnencia
chore: intstr.FromInt is deprecated
f51dd53 
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
@armru @mnencia
chore: encapsulate http logic
e348819 
Signed-off-by: Armando Ruocco <armando.ruocco@enterprisedb.com>
@jsilvela @mnencia
chore: couple of wording fixes
7d06381 
Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com>
@jsilvela @mnencia
chore: clarifications
db541a9 
Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com>
@jsilvela @mnencia
chore: better names
271f853 
Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com>
@jsilvela @mnencia
fix: security table
b403ba9 
Signed-off-by: Jaime Silvela <jaime.silvela@enterprisedb.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@armru armru armru left review comments

@jsilvela jsilvela jsilvela approved these changes

@litaocdl litaocdl litaocdl approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
backport-requested ◀️ This pull request should be backported to all supported releases do not merge 🙅 This PR cannot be merged (yet) ok to merge 👌 This PR can be merged release-1.21 release-1.22 release-1.23
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature]: The communication between the operator and the instance manager should be encrypted
5 participants
@mnencia @litaocdl @jsilvela @armru @cnpg-bot