[kubernetes-backend] support caFile on clusters defined in app-config #15005
Signed-off-by: Jamie Klassen <jklassen@vmware.com>
@jpeach interested to know if this satisfies your intended use case -- if so, is it clear enough how to do so (e.g. mounting k8s secrets into the pod where Backstage is running, pointing to those mount points in the app-config appropriately)? Do you think there should be any further docs or @mclarke47 I only have the |
This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!
Thanks!
@@ -54,6 +54,10 @@ export interface Config { | |||
skipTLSVerify?: boolean; | |||
/** @visibility frontend */ | |||
skipMetricsLookup?: boolean; | |||
/** @visibility secret */ | |||
caData?: string; | |||
/** @visibility secret */ |
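Review bot: The new `caData` field and the field that follows it carry only a `@visibility secret` tag and no description, so a reader of this schema cannot tell what encoding `caData` expects or what happens when it is set on a cluster that also has `skipTLSVerify` (declared just above). Suggest a one-line doc comment on each new field stating the expected format and how it combines with `skipTLSVerify`. It is also worth stating in the comment why `secret` was chosen here, given that the neighbouring `skipMetricsLookup` is tagged `@visibility frontend`.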
Maybe didn't have to make the path as such be a secret? 🤔 But I'm fine either way, not sure that it's anybody's business to see this outside of the backend code that actually needs it
I actually don't really understand how these comments work and was following my nose LOL. Is there a value for "only the backend needs it but it's not necessarily secret"?
Thank you for contributing to Backstage! The changes in this pull request will be part of the |
I will just allow myself to make a little comment here, as I was struggling for days to get the plugin to use the correct certificate. It turned out that the environment variable 'GLOBAL_AGENT_FORCE_GLOBAL_AGENT' defaults to true, which resulted in the certificate never being used, because the global-agent was used instead. Everything worked after setting GLOBAL_AGENT_FORCE_GLOBAL_AGENT to false.
Hey, I just made a Pull Request!
Resolves #13768
I tested this out locally using the following steps:
kind create cluster
kubectl config view --raw -o jsonpath='{.clusters[?(@.name == "kind-kind")].cluster.certificate-authority-data}' | base64 -d > kind.pem
kubectl apply -f backstage.yml
where backstage.yml is:
kubernetes.yaml in the root of this repo:
app-config.local.yaml:
yarn start-backend
Before this change, the same sequence of steps would result in
✔️ Checklist
Screenshots attached (for UI changes) backend only
Signed-off-by line in the message. (more info)
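The thread discusses pointing `caFile` at a mounted secret and how `caData` and `skipTLSVerify` sit beside it. As an added example (not code from this pull request or from Backstage), here is one way a backend could turn those three fields into TLS options while failing closed on conflicting settings. The function and type names, the rule that the fields are mutually exclusive, and the base64 encoding of `caData` are assumptions.

```typescript
import { readFileSync } from 'node:fs';

// Hypothetical shape: only the three TLS-related fields named on this page.
interface ClusterTlsConfig {
  name: string;
  skipTLSVerify?: boolean;
  caData?: string; // assumed base64-encoded PEM, as in a kubeconfig
  caFile?: string; // path to a PEM file, e.g. a mounted Kubernetes secret
}

interface TlsOptions {
  ca?: string;
  rejectUnauthorized: boolean;
}

const PEM_CERT = /-----BEGIN CERTIFICATE-----[\s\S]+?-----END CERTIFICATE-----/;

// Resolve the trust settings for one cluster, failing closed on ambiguity.
function resolveClusterTls(
  c: ClusterTlsConfig,
  readFile: (path: string) => string = p => readFileSync(p, 'utf8'),
): TlsOptions {
  if (c.caData && c.caFile) {
    throw new Error(`${c.name}: set caData or caFile, not both`);
  }
  if (c.skipTLSVerify) {
    if (c.caData || c.caFile) {
      // A configured CA would be silently ignored; surface it instead.
      throw new Error(`${c.name}: skipTLSVerify leaves the configured CA unused`);
    }
    return { rejectUnauthorized: false };
  }
  if (!c.caData && !c.caFile) return { rejectUnauthorized: true }; // default trust store
  const pem = c.caData
    ? Buffer.from(c.caData, 'base64').toString('utf8')
    : readFile(c.caFile as string);
  // Framing check only: catches a wrong mount path or undecoded data early.
  if (!PEM_CERT.test(pem)) {
    throw new Error(`${c.name}: CA source holds no PEM certificate`);
  }
  return { ca: pem, rejectUnauthorized: true };
}

// Constructed sample (not a real certificate): PEM framing around placeholder bytes.
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';
const sample = resolveClusterTls({ name: 'kind-kind', caFile: 'kind.pem' }, () => SAMPLE_PEM);
console.log(sample.rejectUnauthorized); // verification stays on when a CA is supplied
```

The check validates PEM framing only; it does not parse the certificate or confirm that the API server's chain leads to it.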