Uploaded image for project: 'Couchbase Kubernetes'
  1. Couchbase Kubernetes
  2. K8S-2795

Exporter isn't compatible with Native TLS Secrets

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • None
    • 2.3.2
    • operator
    • None
    • 5

    Description

      Attempting to use exporter with a TLS configured cluster fails because the appropriate cert/key/ca's aren't being mounted into the side car and passed along to the exporter application.

      The fix for this is straightforward, although there is room for nuance with the Native TLS style of secrets as we may have multiple Root CA's and so questions remain as to how would this should work in conjunction with the exporter.

      Attachments

        For Gerrit Dashboard: K8S-2795
        # Subject Branch Project Status CR V

        Activity

          ingenthr Matt Ingenthron added a comment - - edited

          Some notion of default_client_secret then and some future notion of related secrets. That said, if someone wants very specific mTLS, then we should probably just specify the secret (standardized) to the operator provisioning the sidecar.

          ingenthr Matt Ingenthron added a comment - - edited Some notion of default_client_secret then and some future notion of related secrets. That said, if someone wants very specific mTLS, then we should probably just specify the secret (standardized) to the operator provisioning the sidecar.

          Change is in gerrit (linked) and ready for final review.

          tommie Tommie McAfee added a comment - Change is in gerrit (linked) and ready for final review.

          Build couchbase-operator-2.3.1-120 contains couchbase-operator commit 95d2add with commit message:
          K8S-2795: Adds generic tls cert for sidecar use

          build-team Couchbase Build Team added a comment - Build couchbase-operator-2.3.1-120 contains couchbase-operator commit 95d2add with commit message: K8S-2795 : Adds generic tls cert for sidecar use

          For @gilad to move from resolved to Closed now.

          ingenthr Matt Ingenthron added a comment - For @gilad to move from resolved to Closed now.

          Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 95d2add with commit message:
          K8S-2795: Adds generic tls cert for sidecar use

          build-team Couchbase Build Team added a comment - Build couchbase-operator-2.4.0-110 contains couchbase-operator commit 95d2add with commit message: K8S-2795 : Adds generic tls cert for sidecar use

          People

            tommie Tommie McAfee
            tommie Tommie McAfee
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes

                PagerDuty