-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow disabling the HTTP API again. #4655
Conversation
If Connect is enabled, the HTTP API needs to be enabled and there is no point in not having it. If Connect is disabled however, it should be still possible to disable the HTTP API by configuring port `-1` for it. Fixes #4557.
c6861f7
to
894e0b5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great First PR 🎉
This is exactly what we all said we needed...
... but it's not going to work 😭 .
The reason this didn't check if Connect was enabled in config before (which should have been commented with hindsight) is that currently we don't require client agents to enable connect.
Our current assumption/documentation is that Connect enabled is only set on server nodes and clients just assume it's on and will fail to load certificates or similar if not.
This change will break managed proxies on some validly configured clusters where user didn't explicitly enable connect on the clients (because we told them they didn't have to).
Good news is that the problem will go away anyway soon so I don't think we should spend ages trying to fix it some more elaborate way.
I'm not quite clear on why running this block of code alters whether the HTTP API runs though - I assume it's due to that APIConfig
call but I can't quickly see anything that actually changes state there. @mkeeler any insights?
@banks you are right the APIConfig call wants a valid HTTP(s) address:port to tell the managed proxies about (or watches but that is a different problem not covered here) Maybe the better short term solution is then to attempt to get the api config at the start and use that as a condition to enabling the proxy manager. Something like:
|
ec5237f
to
889fba7
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me
If Connect is enabled, the HTTP API needs to be enabled and there is no point in not having it. If Connect is disabled however, it should be still possible to disable the HTTP API by configuring port
-1
for it.Fixes #4557.