Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[jaeger-operator] Fix certificate condition in deployment file for #375 #376

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[jaeger-operator] Fix certificate condition in deployment file for #375 #376

wants to merge 1 commit into from
+5 −1

Conversation

AshutoshNirkhe
Copy link

@AshutoshNirkhe AshutoshNirkhe commented Jun 20, 2022
edited

What this PR does

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format,
will close that issue when PR gets merged)

Checklist

  • DCO signed
  • Commits are GPG signed
  • Chart Version bumped
  • Title of the PR starts with chart name ([jaeger] or [jaeger-operator])
  • README.md has been updated to match version/contain new values

@AshutoshNirkhe
Fix certificate condition in deployment file for jaegertracing#375
0ee1fbc 
Signed-off-by: AshutoshNirkhe <ashutosh.nirkhe@gmail.com>
cpanato
cpanato approved these changes Jun 20, 2022
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@AshutoshNirkhe
Copy link
Author

lgtm

@batazor appreciate if you could have a look too ?

@czomo
Copy link
Contributor

czomo commented Jun 23, 2022
edited

@AshutoshNirkhe Did you tried to deploy it with .certs.certificate.create to off? I guess it will end up with sth like /tmp/k8s-webhook-server/serving-certs/tls.crt: no such file or directoryManager exited non-zero because jaeger operator expect cert under that path.
cert-manager pre-requisite is not without a reason because it is responsible for handling certs for secure connection. You can create certs for your own however they are mandatory to work.

czomo
czomo reviewed Jun 23, 2022
View reviewed changes
charts/jaeger-operator/templates/deployment.yaml
@@ -48,10 +48,12 @@ spec:
- containerPort: 9443
name: webhook-server
protocol: TCP
{{- if .Values.certs.certificate.create }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Check out the https://github.com/jaegertracing/helm-charts/tree/main/charts/jaeger-operator#prerequisites for the operator chart and my comment in conversation. In case you don't want to use cert-manager you should create certificate for webhook service in a secret instead.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@czomo thanks for the explanation. I have already configured it to use webhooks and self-signed issuer/certs now so am good.
Basically it started with if we can disable both webhooks and hence certificates for webhooks.
Like what if I disable both the webhooks ? (https://github.com/jaegertracing/helm-charts/blob/jaeger-operator-2.32.2/charts/jaeger-operator/values.yaml#L22)
Why should I still care about certificates ? So if webhooks are mandatory, shall we get rid off those flags from values file to enable/disable them or update the Readme ?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jaeger-operator can be deployed in multiple ways, that's why there is option to disable specific components.

webhooks in general are integrated part of jaeger because they are responsible for validating jeager resources(validating webhook) or in case of mutating webhooks adding jaeger sidecars. However there are some cases when you want do disable them because of conflicts with other resources. Be carefull about that.
One of the purpose of certs is handling secure connection between service and webhooks, more features will be added in the future.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok so I think its wiser to not disable any of that :) We don't this PR anymore in that case.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should be able to disable creating the certificates so people can use their own cert-manager issuers and settings. Is this PR being merged?

@AshutoshNirkhe AshutoshNirkhe mentioned this pull request Jun 24, 2022
Open
@pavelnikolov pavelnikolov changed the title Fix certificate condition in deployment file for #375 [jaeger-operator] Fix certificate condition in deployment file for #375 May 23, 2023
@em-le-ts
Copy link

Is any update for this PR? We're facing the same issue. Many thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@avishefi avishefi avishefi left review comments

@czomo czomo czomo left review comments

@cpanato cpanato cpanato approved these changes

@batazor batazor Awaiting requested review from batazor batazor is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Disabling certs creation in v2.32.2 helm chart breaks the jaeger deployment
5 participants
@AshutoshNirkhe @czomo @em-le-ts @avishefi @cpanato