Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[scalardl-ledger] Support TLS in ScalarDL Ledger chart #256

Merged
merged 4 commits into from
Mar 27, 2024
Merged

[scalardl-ledger] Support TLS in ScalarDL Ledger chart #256

merged 4 commits into from
Mar 27, 2024

Conversation

kota2and3kan
Copy link
Collaborator

@kota2and3kan kota2and3kan commented Feb 27, 2024
edited
Loading

Description

This PR adds TLS support in the ScalarDL Ledger chart.

In this update, users can configure TLS features and set key/cert files for ScalarDL Ledger.

Note: You need to enable the wire encryption feature on the ScalarDL Ledger side by setting scalar.dl.ledger.server.tls.enabled=true in the ledger.ledgerProperties in your custom values file.

[Client] ---> [Envoy] ---(TLS)---> [ScalarDL Ledger]

Related issues and/or PRs

Changes made

  • Add new values to configure the TLS configurations.
  • Mount key/cert file to use TLS connections between client (Envoy) and ScalarDL Ledger in the Deployment manifest.

Checklist

  • I have commented my code, particularly in hard-to-understand areas.
  • I have updated the documentation to reflect the changes.
  • Any remaining open issues linked to this PR are documented and up-to-date (Jira, GitHub, etc.).
  • Tests (unit, integration, etc.) have been added for the changes.
  • My changes generate no new warnings.
  • Any dependent changes in other PRs have been merged and published.

Additional notes (optional)

N/A

Release notes

Support TLS configuration in the ScalarDL Ledger chart. You can enable TLS between Envoy and ScalarDL Ledger.

@kota2and3kan kota2and3kan added improvement scalardl ledger PR for ScalarDL Ledger chart labels Feb 27, 2024
@kota2and3kan kota2and3kan self-assigned this Feb 27, 2024
@kota2and3kan kota2and3kan marked this pull request as draft February 27, 2024 09:23
@kota2and3kan kota2and3kan marked this pull request as ready for review March 8, 2024 09:54
supl
supl approved these changes Mar 11, 2024
View reviewed changes
Copy link
Contributor

@supl supl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
Thank you 🙇

@kota2and3kan kota2and3kan changed the title [scalardl-ledger] Supprt TLS in ScalarDL Ledger chart [scalardl-ledger] Support TLS in ScalarDL Ledger chart Mar 12, 2024
@kota2and3kan kota2and3kan force-pushed the support-tls-scalardl-ledger branch from b4038b8 to 29a58b1 Compare March 12, 2024 01:55
choplin
choplin approved these changes Mar 13, 2024
View reviewed changes
Copy link

@choplin choplin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

feeblefakie
feeblefakie approved these changes Mar 21, 2024
View reviewed changes
Copy link
Contributor

@feeblefakie feeblefakie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you!
Left one question for clarification.

charts/scalardl/templates/ledger/deployment.yaml
{{- if .Values.ledger.tls.caRootCertSecret }}
- -tls-ca-cert=/tls/certs/ca-root-cert.pem
{{- end }}
- -tls-server-name={{ .Values.ledger.tls.overrideAuthority }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto. (The same question as the ScalarDB Cluster PR.)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your review!
I answered it on the ScalarDB Cluster PR side.
#255 (comment)

jnmt
jnmt approved these changes Mar 25, 2024
View reviewed changes
Copy link

@jnmt jnmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! But can you check why CI fails, just in case? Thank you!

@kota2and3kan
Copy link
Collaborator Author

@jnmt
Thank you for your review!

But can you check why CI fails, just in case?

Thank you for pointing it out! I found the root cause. The cause of CI failure is the issue on the CI side... We use the bitnami helm chart to deploy PostgreSQL as a backend DB in the CI. However, recently they released a new major version and we faced an error by the backward-incompatible things.

So, I fixed in in the following PR. 🙂
#259

@jnmt
Copy link

jnmt commented Mar 25, 2024

So, I fixed in in the following PR. 🙂 #259

@kota2and3kan Thank you! Got it : )

@kota2and3kan kota2and3kan merged commit c8b6cea into main Mar 27, 2024
14 checks passed
@kota2and3kan kota2and3kan deleted the support-tls-scalardl-ledger branch June 10, 2024 08:29
kota2and3kan added a commit that referenced this pull request Jun 10, 2024
@kota2and3kan
[scalardl-ledger] Support TLS in ScalarDL Ledger chart (#256)
2a4aeb5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnmt jnmt jnmt approved these changes

@supl supl supl approved these changes

@feeblefakie feeblefakie feeblefakie approved these changes

@choplin choplin choplin approved these changes

@superbrothers superbrothers Awaiting requested review from superbrothers

Assignees

@kota2and3kan kota2and3kan

Labels
improvement scalardl ledger PR for ScalarDL Ledger chart
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kota2and3kan @jnmt @choplin @feeblefakie @supl