Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add oauth-cabundle configmap to bundle mount #853

Merged
merged 1 commit into from
Dec 3, 2024
Merged

Add oauth-cabundle configmap to bundle mount #853

merged 1 commit into from
Dec 3, 2024

Conversation

nrfox
Copy link
Contributor

@nrfox nrfox commented Dec 2, 2024
edited
Loading

Turns the cabundle configmap volume into a projected volume and adds the optional oauth-cabundle configmap to the mount.

To test:

  1. Deploy Kiali on openshift
  2. Create an oauth-cabundle configmap: 
    kubectl create configmap -n istio-system kiali-oauth-cabundle --from-literal=oauth-server-ca.crt=somecrt
  3. Restart Kiali pod 
    kubectl rollout restart deployment -n istio-system kiali
kubectl rollout status deployment -n istio-system kiali
  4. Ensure file exists on the kiali pod at: /kiali-cabundle/oauth-server-ca.crt 
    kubectl exec -it -n istio-system deployments/kiali -- cat /kiali-cabundle/oauth-server-ca.crt
> somecrt

Server PR: kiali/kiali#7974
Docs PR: kiali/kiali.io#838

@nrfox nrfox mentioned this pull request Dec 2, 2024
Merged
@nrfox nrfox added the requires server PR A PR requires additional changes in the backend code. label Dec 2, 2024
@nrfox nrfox self-assigned this Dec 2, 2024
@nrfox nrfox requested a review from jmazzitelli December 2, 2024 21:06
jmazzitelli
jmazzitelli approved these changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@jmazzitelli jmazzitelli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normal deployment of kiali using typical make build build-ui test cluster-push operator-create kiali-create (this is done without creating the special configmap - I want to see if the deployment works just doing it normally without the special configmap):

$ kubectl exec -it -n istio-system deployments/kiali -- ls /kiali-cabundle
service-ca.crt

I then create the configmap per test instructions, do a rollout restart of the kiali deployment, and then look in the directory again:

$ kubectl exec -it -n istio-system deployments/kiali -- ls -1 /kiali-cabundle
oauth-server-ca.crt
service-ca.crt

The content is as expected:

$ kubectl exec -it -n istio-system deployments/kiali -- cat /kiali-cabundle/oauth-server-ca.crt
somecrt

$ kubectl exec -it -n istio-system deployments/kiali -- cat /kiali-cabundle/service-ca.crt
-----BEGIN CERTIFICATE-----
...[chomp]...
-----END CERTIFICATE-----

@nrfox nrfox merged commit 36e97ca into kiali:master Dec 3, 2024
1 check passed
nrfox added a commit to nrfox/kiali-operator that referenced this pull request Dec 3, 2024
@nrfox
Add oauth-cabundle configmap to bundle mount (kiali#853)
0e6f922
@nrfox nrfox deleted the add-configmap-ca-bundle branch December 3, 2024 18:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmazzitelli jmazzitelli jmazzitelli approved these changes

Assignees

@nrfox nrfox

Labels
requires server PR A PR requires additional changes in the backend code.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nrfox @jmazzitelli