-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding insecure server boolean to chart. #83
Conversation
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
0c71ef9
to
59f2be3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thank you for the contribution @bjoernw
#### DANGER: You have disabled TLS! | ||
#### | ||
#### Please only do this if you absolutely know what you are doing. | ||
############################################################################## |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Love the disclaimer.
@bjoernw just needs a version bump |
@desimone What version do you want me to bump this to? 8.3.0? Should I capture my change in the changelog in the readme? |
Seems good to me, going to ping @travisgroth to make sure this is a minor not a major version bump. I don't think it breaks existing so... should be fine.
Please do! |
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
88aa3c4
to
bf1d9f9
Compare
@desimone bumped it to 8.4.0 and added changelog. Looks good? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small typo, otherwise LGTM!
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
…elm into adding_inscure_toggle
Thanks @bjoernw ! |
The chart was lacking support for a way to run pomerium in insecure mode. My use case is that I would like to fold pomerium into my istio mesh and since istio already handles mutual-tls I did not need/want pomerium to do that as well. Since pomerium itself already supports an insecure mode I just needed to expose this toggle in the chart.
However, just setting environment variables INSECURE_SERVER and GRPC_INSECURE wasn't enough to get past the failing liveness and readiness checks which still had a scheme of "HTTPS" regardless of the value of INSECURE_SERVER or GRPC_INSECURE.
Here I create a single flag
config.insecure
that abstracts those details away.Let me know what you think.