[K8S-2795] Exporter isn't compatible with Native TLS Secrets - Couchbase database

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.3.2
Component/s: operator
Labels:
None

Story Points:
5

Description

Attempting to use exporter with a TLS configured cluster fails because the appropriate cert/key/ca's aren't being mounted into the side car and passed along to the exporter application.

The fix for this is straightforward, although there is room for nuance with the Native TLS style of secrets as we may have multiple Root CA's and so questions remain as to how would this should work in conjunction with the exporter.

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: K8S-2795
#	Subject	Branch	Project	Status	CR	V
178070,6	K8S-2795: Adds generic tls cert for sidecar use	2.3.x	couchbase-operator	Status: MERGED	+2	+1

Activity

Ascending order - Click to sort in descending order

View 4 older comments

Matt Ingenthron added a comment - 26/Jul/22 9:54 PM - edited

Some notion of default_client_secret then and some future notion of related secrets. That said, if someone wants very specific mTLS, then we should probably just specify the secret (standardized) to the operator provisioning the sidecar.

Matt Ingenthron added a comment - 26/Jul/22 9:54 PM - edited Some notion of default_client_secret then and some future notion of related secrets. That said, if someone wants very specific mTLS, then we should probably just specify the secret (standardized) to the operator provisioning the sidecar.

Tommie McAfee added a comment - 29/Jul/22 12:04 PM

Change is in gerrit (linked) and ready for final review.

Tommie McAfee added a comment - 29/Jul/22 12:04 PM Change is in gerrit (linked) and ready for final review.

Couchbase Build Team added a comment - 01/Aug/22 9:06 PM

Build couchbase-operator-2.3.1-120 contains couchbase-operator commit 95d2add with commit message:
~~K8S-2795~~: Adds generic tls cert for sidecar use

Couchbase Build Team added a comment - 01/Aug/22 9:06 PM Build couchbase-operator-2.3.1-120 contains couchbase-operator commit 95d2add with commit message: K8S-2795 : Adds generic tls cert for sidecar use

Matt Ingenthron added a comment - 02/Aug/22 9:01 AM

For @gilad to move from resolved to Closed now.

Matt Ingenthron added a comment - 02/Aug/22 9:01 AM For @gilad to move from resolved to Closed now.

Couchbase Build Team added a comment - 09/Sep/22 2:27 PM

Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 95d2add with commit message:
~~K8S-2795~~: Adds generic tls cert for sidecar use

Couchbase Build Team added a comment - 09/Sep/22 2:27 PM Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 95d2add with commit message: K8S-2795 : Adds generic tls cert for sidecar use

People

Assignee:: Tommie McAfee

Reporter:: Tommie McAfee

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 20/Jul/22 4:05 PM

Updated:: 09/Sep/22 2:27 PM

Resolved:: 02/Aug/22 9:01 AM

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

K8S-2795: Adds generic tls cert for sidecar use: Gerrit Review:

PagerDuty

Couchbase Kubernetes

Details

Description

Attachments

Gerrit Reviews

Activity

People

Dates

Gerrit Reviews

PagerDuty