Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[scalardl-auditor] Support TLS in ScalarDL Auditor chart #257

Merged
merged 4 commits into from
Mar 27, 2024
Merged

[scalardl-auditor] Support TLS in ScalarDL Auditor chart #257

merged 4 commits into from
Mar 27, 2024

Conversation

kota2and3kan
Copy link
Collaborator

@kota2and3kan kota2and3kan commented Feb 27, 2024
edited
Loading

Description

This PR adds TLS support in the ScalarDL Auditor chart.

In this update, users can configure TLS features and set key/cert files for ScalarDL Auditor.

Note: You need to enable the wire encryption feature on the ScalarDL Auditor side by setting scalar.dl.auditor.server.tls.enabled=true and scalar.dl.auditor.tls.enabled=true in the auditor.auditorProperties in your custom values file.

                         +---(TLS)---> [ScalarDL Ledger] <---(TLS)------------------+
                         |                                                          |
[Client] ---> [Envoy] ---+                                                          |
                         |                                                          |
                         +---(TLS)---> [ScalarDL Auditor] ---(Recovery operation)---+

Related issues and/or PRs

Changes made

  • Add new values to configure the TLS configurations.
  • Mount key/cert file to use TLS connections between client (Envoy) and ScalarDL Auditor in the Deployment manifest.
  • Mount key/cert file to use TLS connections between ScalarDL Auditor and ScalarDL Ledger in the Deployment manifest.

Checklist

  • I have commented my code, particularly in hard-to-understand areas.
  • I have updated the documentation to reflect the changes.
  • Any remaining open issues linked to this PR are documented and up-to-date (Jira, GitHub, etc.).
  • Tests (unit, integration, etc.) have been added for the changes.
  • My changes generate no new warnings.
  • Any dependent changes in other PRs have been merged and published.

Additional notes (optional)

N/A

Release notes

Support TLS configuration in the ScalarDL Auditor chart. You can enable TLS in both "Envoy - ScalarDL Auditor" and "ScalarDL Auditor - ScalarDL Ledger" connections.

@kota2and3kan kota2and3kan added improvement scalardl auditor PR for ScalarDL Auditor chart labels Feb 27, 2024
@kota2and3kan kota2and3kan self-assigned this Feb 27, 2024
@kota2and3kan kota2and3kan marked this pull request as draft February 27, 2024 09:36
@kota2and3kan kota2and3kan marked this pull request as ready for review March 8, 2024 09:54
supl
supl approved these changes Mar 11, 2024
View reviewed changes
Copy link
Contributor

@supl supl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.
Thank you 🙇

@kota2and3kan kota2and3kan changed the title [scalardl-auditor] Supprt TLS in ScalarDL Auditor chart [scalardl-auditor] Support TLS in ScalarDL Auditor chart Mar 12, 2024
@kota2and3kan kota2and3kan force-pushed the support-tls-scalardl-auditor branch from ec251f4 to 99cbb01 Compare March 12, 2024 01:56
choplin
choplin approved these changes Mar 13, 2024
View reviewed changes
Copy link

@choplin choplin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

feeblefakie
feeblefakie approved these changes Mar 21, 2024
View reviewed changes
Copy link
Contributor

@feeblefakie feeblefakie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you!
Left one question for clarification.

charts/scalardl-audit/templates/auditor/deployment.yaml
{{- if .Values.auditor.tls.caRootCertSecret }}
- -tls-ca-cert=/tls/certs/ca-root-cert.pem
{{- end }}
- -tls-server-name={{ .Values.auditor.tls.overrideAuthority }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ditto.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for your review!
I answered it on the ScalarDB Cluster PR side.
#255 (comment)

jnmt
jnmt approved these changes Mar 25, 2024
View reviewed changes
Copy link

@jnmt jnmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thank you! (Please check CI issues, just in case.)

@kota2and3kan kota2and3kan merged commit f20a5a8 into main Mar 27, 2024
14 checks passed
@kota2and3kan kota2and3kan deleted the support-tls-scalardl-auditor branch June 10, 2024 08:29
kota2and3kan added a commit that referenced this pull request Jun 10, 2024
@kota2and3kan
[scalardl-auditor] Support TLS in ScalarDL Auditor chart (#257)
7c31792
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jnmt jnmt jnmt approved these changes

@supl supl supl approved these changes

@feeblefakie feeblefakie feeblefakie approved these changes

@choplin choplin choplin approved these changes

@superbrothers superbrothers Awaiting requested review from superbrothers

Assignees

@kota2and3kan kota2and3kan

Labels
improvement scalardl auditor PR for ScalarDL Auditor chart
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@kota2and3kan @choplin @feeblefakie @supl @jnmt