-
Notifications
You must be signed in to change notification settings - Fork 94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
THREESCALE-7836 Refactor TLS InsecureSkipVerify logic to use annotations #858
Conversation
Hi @carlkyrillos. Thanks for your PR. I'm waiting for a 3scale member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
/hold |
After #856, by default, the operator verifies TLS connections. That breaks backwards compat. And I think the default behavior should be TLS cerification. However, for backward compatibility or because I am using self-signed certs, me, as a user, how do I enable Have you considered reading enable/disable skip TLS verification from an annotation of the CR? I find it more flexible than global setting at the operator level. |
That's a good point. Backward compatibility might be an issue, to enable it as it is when installing via operator you can add the required env to the subscription configuration of the operator. To me this is good and makes sense to do it that way rather than via APIM because in my head, an operator configuration is different to 3scale configuration. |
a7b3b0b
to
9101433
Compare
9101433
to
e5c98b1
Compare
Code Climate has analyzed commit e5c98b1 and detected 2 issues on this pull request. Here's the issue category breakdown:
View more on Code Climate. |
/unhold |
|
||
| Variable | Options | Type | Default | Details | | ||
|-----------------------------|------------|:--------:|---------|------------------------------------------------------------------------------------------------------------------------------------------------------------| | ||
| THREESCALE_DEBUG | `1` or `0` | Optional | `0` | If `1`, sets the porta client logging to be more verbose. | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small but to be precise, verbose logging is enabled for local by default, disabled for olm
Looks good to me, good job! /lgtm |
Issue link
THREESCALE-7836
What
This refactors the insecure skip verify logic for the porta client to be enabled via annotations on individual CRs rather than globally as an environment variable.
This PR also add documentation around supported environment variables.
Verification steps