support restricted option, jolokia agent, rbac, read only root, minimal #1037

Merged
merged 1 commit into from
Oct 25, 2024


gtully
Contributor

@gtully gtully commented Oct 18, 2024

No description provided.

@gtully
Contributor Author

gtully commented Oct 18, 2024

This PR includes support for:

@gtully gtully force-pushed the control_plane branch 2 times, most recently from 9f8fb65 to da54c23 Compare October 23, 2024 11:29
@gtully
Contributor Author

gtully commented Oct 23, 2024

I have removed the use of JDK_JAVA_ARGS in restricted mode. Possibly, to avoid command line limitations, we may have to push these into a cmd file in the future, but that could also be a secret, as an easy way to supply different values.

Contributor

@brusdev brusdev left a comment


Great work!!! It provides a predictable and secure deployment.

controllers/activemqartemis_reconciler.go (review thread resolved)
@gtully gtully force-pushed the control_plane branch 2 times, most recently from 496b8d2 to f519654 Compare October 23, 2024 16:49
@doxsch

doxsch commented Oct 24, 2024

> • the jolokia client using mtls

If I understand the code correctly, the mtls jolokia client will only be available in restricted mode. But I think if spec.console.useClientAuth is true, the controller should also use the mtls jolokia client, otherwise the issue #1036 won't be fixed.

@gtully
Contributor Author

gtully commented Oct 24, 2024

> > • the jolokia client using mtls
>
> If I understand the code correctly, the mtls jolokia client will only be available in restricted mode. But I think if spec.console.useClientAuth is true, the controller should also use the mtls jolokia client, otherwise the issue #1036 won't be fixed.

Yes. I think it will be easier to fix #1036 with these changes. But #1036 is not resolved by this change.

And thinking some more, maybe the presence of an operator cert and operator trust bundle is sufficient to initiate mtls; if they are present, make use of them.

@gtully gtully merged commit 269b5c9 into artemiscloud:main Oct 25, 2024
2 checks passed