Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix jetstream client certificate mount path #2167

Merged
merged 3 commits into from
Apr 3, 2024
Merged

fix jetstream client certificate mount path #2167

merged 3 commits into from
Apr 3, 2024
+3 −4

Conversation

pgvishnuram
Copy link
Contributor

@pgvishnuram pgvishnuram commented Apr 2, 2024
edited by himabindu07

Description

This PR fixes an issue where mounted client side tls are not respected by the system path due long nested path.

Related Issues

https://github.com/astronomer/issues/issues/6259

Testing

QA should not see any TLS error in nats service

Merging

cherry-pick to release-0.34

@pgvishnuram pgvishnuram marked this pull request as ready for review April 2, 2024 18:48
@pgvishnuram pgvishnuram requested a review from a team as a code owner April 2, 2024 18:48
@danielhoherd danielhoherd marked this pull request as draft April 2, 2024 18:49
danielhoherd
danielhoherd reviewed Apr 2, 2024
View reviewed changes
tests/chart_tests/test_nats_jetstream.py
@@ -99,7 +99,7 @@ def test_nats_statefulset_with_jetstream_and_tls(self, kube_version):
} in docs[10]["spec"]["template"]["spec"]["containers"][0]["volumeMounts"]
assert {
"name": "nats-jetstream-client-tls-volume",
"mountPath": "/usr/local/share/ca-certificates/release-name-jetstream-tls-certificate-client/ca.crt",
"mountPath": "/usr/local/share/ca-certificates/release-name-jetstream-tls-certificate-client.crt",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a test with a custom nats.jetstreamSSLSecretName

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I missed this one - let me add test case for custom cert as well

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@danielhoherd jetstreamSSLSecretName this seems require additional changes - can i address this in a seperate PR - template is not rendering with provided values and this seems like byo certficate

danielhoherd
danielhoherd requested changes Apr 2, 2024
View reviewed changes
Copy link
Member

@danielhoherd danielhoherd left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems good so far.

Need test cases that test nats.jetstreamSSLSecretName, maybe just parametrize the existing test case.

PR description needs to be completed.

@pgvishnuram pgvishnuram changed the title update jetstream client cert tls path fix jetstream client cert mount path Apr 2, 2024
@pgvishnuram pgvishnuram changed the title fix jetstream client cert mount path fix jetstream client certificate mount path Apr 2, 2024
@pgvishnuram pgvishnuram marked this pull request as ready for review April 2, 2024 19:28
danielhoherd
danielhoherd approved these changes Apr 2, 2024
View reviewed changes
Copy link
Member

@danielhoherd danielhoherd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM now that we've removed nats.jetstreamSSLSecretName

@pgvishnuram pgvishnuram merged commit 79aabbb into master Apr 3, 2024
7 of 8 checks passed
@pgvishnuram pgvishnuram deleted the fix/update-jetstream-tls-cert-name branch April 3, 2024 06:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielhoherd danielhoherd danielhoherd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@pgvishnuram @danielhoherd