Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2.8] Honor agent TLS mode when installing Fleet #45964

Merged
merged 1 commit into from
Jul 8, 2024
Merged

[2.8] Honor agent TLS mode when installing Fleet #45964

merged 1 commit into from
Jul 8, 2024

Conversation

weyfonk
Copy link
Contributor

@weyfonk weyfonk commented Jul 2, 2024
edited
Loading

Backport of rancher#45842 to 2.8.

Depends on fleet#2577.

Testing

Engineering Testing

Manual Testing

  1. Installed Rancher via Helm, built locally using dev-script/build-local.sh:
$ helm upgrade --install rancher rancher-latest/rancher --devel \
    --namespace cattle-system --create-namespace \
    --set bootstrapPassword=admin \
    --set replicas=1 \
    --set hostname=172.17.0.2.sslip.io \
    --set rancherImageTag=2.8-test-strict-tls \
    --set extraEnv[0].name=CATTLE_CHART_DEFAULT_BRANCH \
    --set extraEnv[0].value=fleetci-dev-v2.8-20240703115101 \
    --set extraEnv[1].name=CATTLE_CHART_DEFAULT_URL \
    --set extraEnv[1].value=https://github.com/fleetrepoci/charts \
    --set extraEnv[2].name=CATTLE_FLEET_VERSION \
    --set extraEnv[2].value=999.9.9+up9.9.9

(whereby the Fleet version and charts branch were set by this workflow)

  1. Found configmaps fleet-agent and fleet-controller, in namespaces cattle-fleet-local-system and cattle-fleet-system respectively, to contain the key/value pair "agentTLSMode": "system-store"

  2. Navigated the Rancher UI at https://172.17.0.2.sslip.io/dashboard/c/local/explorer/configmap and edited config map rancher-config, adding a fleet field with value {"agentTLSMode": "strict"}

  3. Could see the fleet-agent pod being re-created, and config maps fleet-controller and fleet-agent being updated with the new agentTLSMode value.

Automated Testing

N/A

QA Testing Considerations

Regressions Considerations

N/A

@weyfonk
Honor agent TLS mode when installing Fleet
c75bfc7 
This ensures that Fleet is installed with Rancher's configured agent TLS
mode, and that any change to that setting leads to Fleet being
reinstalled.
@weyfonk weyfonk marked this pull request as ready for review July 3, 2024 14:07
@weyfonk weyfonk mentioned this pull request Jul 3, 2024
Merged
@weyfonk weyfonk requested review from a team, maxsokolovsky and MbolotSuse July 3, 2024 15:35
@weyfonk weyfonk merged commit ad2adcf into rancher:release/v2.8 Jul 8, 2024
7 checks passed
@kkaempf kkaempf added this to the v2.8-Next1 milestone Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxsokolovsky maxsokolovsky maxsokolovsky approved these changes

@MbolotSuse MbolotSuse Awaiting requested review from MbolotSuse

Assignees
No one assigned
Labels
None yet
Projects
Fleet
Archived in project
Milestone
v2.8.6
Development

Successfully merging this pull request may close these issues.
3 participants
@weyfonk @maxsokolovsky @kkaempf