Adding insecure server boolean to chart. #83
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
bjoernw
force-pushed
the
adding_inscure_toggle
branch
from
0c71ef9
to
59f2be3
Compare
desimone
previously approved these changes
Apr 19, 2020
| #### DANGER: You have disabled TLS! | ||
| #### | ||
| #### Please only do this if you absolutely know what you are doing. | ||
| ############################################################################## |
|
@bjoernw just needs a version bump |
|
@desimone What version do you want me to bump this to? 8.3.0? Should I capture my change in the changelog in the readme? |
Seems good to me, going to ping @travisgroth to make sure this is a minor not a major version bump. I don't think it breaks existing so... should be fine.
Please do! |
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
bjoernw
force-pushed
the
adding_inscure_toggle
branch
from
88aa3c4
to
bf1d9f9
Compare
|
@desimone bumped it to 8.4.0 and added changelog. Looks good? |
desimone
requested changes
Apr 21, 2020
added 3 commits
April 21, 2020 11:16
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
Signed-off-by: Bjoern Weidlich <bweidlich@ripple.com>
…elm into adding_inscure_toggle
desimone
approved these changes
Apr 21, 2020
|
Thanks @bjoernw ! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The chart was lacking support for a way to run pomerium in insecure mode. My use case is that I would like to fold pomerium into my istio mesh and since istio already handles mutual-tls I did not need/want pomerium to do that as well. Since pomerium itself already supports an insecure mode I just needed to expose this toggle in the chart.
However, just setting environment variables INSECURE_SERVER and GRPC_INSECURE wasn't enough to get past the failing liveness and readiness checks which still had a scheme of "HTTPS" regardless of the value of INSECURE_SERVER or GRPC_INSECURE.
Here I create a single flag
config.insecurethat abstracts those details away.Let me know what you think.