Fix mutual TLS configuration with Console #170

Merged on Jul 30, 2024 (6 commits)

@RafalKorepta RafalKorepta commented Jul 12, 2024


@chrisseto chrisseto left a comment

Could you also bump the version of the helm chart in go.mod so the JSON compat tests will run with the new field? You might see errors if you don't actually 🤔

@RafalKorepta RafalKorepta force-pushed the rk/K8S-261/mTLS-configuration branch 2 times, most recently from 45e74a2 to da07133 Compare July 29, 2024 14:01

@chrisseto chrisseto left a comment

It'd be nice to see the ordering handled a bit more clearly before merging. Otherwise LGTM.

tiny nit: you could have aliased rpadmin as admin to save yourself some typing :P

@RafalKorepta RafalKorepta force-pushed the rk/K8S-261/mTLS-configuration branch 7 times, most recently from 5bc4c3f to c6e2ff6 Compare July 30, 2024 07:18

The following panic was reported by end-to-end tests:
```
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x283b2ca]

goroutine 485 [running]:
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile.func1()
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:116 +0x1e5
panic({0x2c10280?, 0x50bf550?})
	/root/go/pkg/mod/golang.org/toolchain@v0.0.1-go1.22.4.linux-amd64/src/runtime/panic.go:770 +0x132
github.com/redpanda-data/redpanda-operator/src/go/k8s/internal/controller/redpanda.(*Reconciling).Do(0xc0009baee8, {0x3623e80, 0xc001555770}, 0xc000111808, 0x0, {{0x362e040?, 0xc000f1faa0?}, 0x4?})
	/work/src/go/k8s/internal/controller/redpanda/console_controller.go:200 +0x52a
github.com/redpanda-data/redpanda-operator/src/go/k8s/internal/controller/redpanda.(*ConsoleReconciler).Reconcile(0xc000442a80, {0x3623e48?, 0xc000f1fa40?}, {{{0xc0013d11a0?, 0x5?}, {0xc001510840?, 0xc001dd1d10?}}})
	/work/src/go/k8s/internal/controller/redpanda/console_controller.go:157 +0xb8d
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile(0x362e040?, {0x3623e48?, 0xc000f1fa40?}, {{{0xc0013d11a0?, 0xb?}, {0xc001510840?, 0x0?}}})
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:119 +0xb7
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler(0xc0009c81e0, {0x3623e80, 0xc00099d220}, {0x2d9ab20, 0xc001d337a0})
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:316 +0x3bc
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem(0xc0009c81e0, {0x3623e80, 0xc00099d220})
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:266 +0x1be
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2()
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:227 +0x79
created by sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2 in goroutine 196
	/root/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.17.2/pkg/internal/controller/controller.go:223 +0x50c
```

The following line
```
	ingressResource = ingressResource.WithTLS(resources.LEClusterIssuer, fmt.Sprintf("%s-redpanda", cluster.GetName()))
```
could only panic in the GetName function based on the stack trace.
As the verify-config.sh script fails with exit 1 if it exhausts all retries
and kuttl does not move to the next step that get-redpanda-info.sh script will
be called when retries are exhausted.

Ref
https://buildkite.com/redpanda/redpanda-operator/builds/1812#0190abbe-38cd-41cf-8825-cf7a65b13505/4673-4716

End-to-end test shows the problem when broker configuration changes require a Redpanda
process restart, but iterating over a map is not deterministic. Order of creation that is
defined in cluster_controller.go should be preserved in Ensure function. With that commit
order will be preserved.
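
The ordering problem described in the commit message above, as an added Go example that is not the operator's code: ranging over a map visits resources in a different order from run to run, while an ordered slice keeps the declared creation order and stops at the first failure. The names `declared`, `ensureInOrder`, `distinctMapOrders` and the resource names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// declared is a constructed creation order, not the operator's real resource list.
var declared = []string{"client-cert-secret", "configmap", "statefulset", "ingress"}

// ensureInOrder applies names in slice order and stops at the first failure.
func ensureInOrder(names []string, apply func(string) error) ([]string, error) {
	var applied []string
	for _, n := range names {
		if err := apply(n); err != nil {
			return applied, fmt.Errorf("ensure %s: %w", n, err)
		}
		applied = append(applied, n)
	}
	return applied, nil
}

// distinctMapOrders ranges over a map of the same names `runs` times and counts
// how many different visit orders Go's randomized map iteration produced.
func distinctMapOrders(names []string, runs int) int {
	set, seen := map[string]bool{}, map[string]bool{}
	for _, n := range names {
		set[n] = true
	}
	for i := 0; i < runs; i++ {
		var order []string
		for n := range set {
			order = append(order, n)
		}
		seen[strings.Join(order, ",")] = true
	}
	return len(seen)
}

func main() {
	notReady := func(n string) error { // constructed failure for one resource
		if n == "statefulset" {
			return errors.New("not ready")
		}
		return nil
	}
	fmt.Println(ensureInOrder(declared, notReady))
	fmt.Println("distinct map orders:", distinctMapOrders(declared, 200))
}
```
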
@RafalKorepta RafalKorepta force-pushed the rk/K8S-261/mTLS-configuration branch 3 times, most recently from fdfc490 to 35c44f1 Compare July 30, 2024 08:31
All changes to the rpk config package are required, as this commit brings
changes to go mod which updates rpk package.

Reference
#171
@RafalKorepta RafalKorepta force-pushed the rk/K8S-261/mTLS-configuration branch from 35c44f1 to f14c4f6 Compare July 30, 2024 09:27
@RafalKorepta RafalKorepta merged commit 2dd7bbc into main Jul 30, 2024
4 checks passed
@RafalKorepta RafalKorepta deleted the rk/K8S-261/mTLS-configuration branch August 6, 2024 22:15