[DO NOT MERGE] Add TLS certification to operator #166

Closed
wants to merge 4 commits into from

Conversation

okankoAMZ
Contributor

@okankoAMZ okankoAMZ commented May 2, 2024

Background

We want to support a TLS connection between the Operator and Application Signals; to do that, the TLS CA bundle certificate must be passed to the customer's namespaces.

Important

With Kubernetes you cannot share secrets between namespaces natively; you either need to use a third-party syncing tool or copy it over.

Description of changes:
In this PR, we are reading the secret generated by helm-charts (see the warning below) using a volume mount, then injecting it using an init container. This container saves it as a local file to be used in the TLS process, creating a secure network layer.

Warning

This PR cannot be merged until the helm-chart PR is merged.

Testing

  1. Attach a demo application container
     (Screenshot 2024-05-17 at 3:41:46 PM)
     Here we can see that the init containers are attached properly.

  2. Look at the container description
     (Screenshot 2024-05-17 at 3:45:19 PM)
     Here we can see that all volume mounts are correct.

  3. Connect to the demo application shell and check the cert with `cat cert-volume/amazon-cloudwatch-agent/ca.crt`
     (Screenshot 2024-05-17 at 3:42:35 PM)
     Here we can see that the cert is saved successfully.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
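The mechanism the description and the testing steps outline (a Secret read through a volume mount, an init container that writes the CA bundle to a local file, the application container reading it from a shared volume) can be shown as a single Pod manifest. This is an added example written for this page, not code from the PR or from the operator project. Everything specific in it is assumed: the Secret name `amazon-cloudwatch-agent-ca` and key `ca.crt`, the `busybox` init image, the `demo-app` image, and the mount paths; only the target path `cert-volume/amazon-cloudwatch-agent/ca.crt` follows the check in the testing section. The manifest also assumes the Secret already exists in the application's namespace, which is exactly the cross-namespace problem the "Important" note raises and which a Pod spec alone cannot solve.

```yaml
# Added example (not the PR's or the operator's own code): an init container
# copies a CA bundle from a Secret into a shared emptyDir, and the application
# container reads it from there. Secret name, key, images and paths are assumed.
apiVersion: v1
kind: Pod
metadata:
  name: demo-app
  namespace: demo
spec:
  volumes:
    # Source of the CA bundle. Mounted only by the init container.
    - name: ca-secret
      secret:
        secretName: amazon-cloudwatch-agent-ca   # assumed name
        defaultMode: 0444
        items:
          - key: ca.crt                          # assumed key
            path: ca.crt
    # Shared scratch volume: the init container writes, the app only reads.
    - name: cert-volume
      emptyDir:
        medium: Memory   # keep the copied bundle off the node's disk
  initContainers:
    - name: tls-cert-init
      image: busybox:1.36   # assumed minimal image
      command: ["sh", "-c"]
      args:
        - |
          set -eu
          src=/secret/ca.crt
          dst=/cert-volume/amazon-cloudwatch-agent/ca.crt
          # Fail the Pod early instead of starting the app without a trust anchor.
          [ -s "$src" ] || { echo "CA bundle missing or empty" >&2; exit 1; }
          grep -q "BEGIN CERTIFICATE" "$src" || { echo "not a PEM bundle" >&2; exit 1; }
          mkdir -p "$(dirname "$dst")"
          cp "$src" "$dst"
          chmod 0444 "$dst"
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true   # only the emptyDir mount is writable
      volumeMounts:
        - name: ca-secret
          mountPath: /secret
          readOnly: true
        - name: cert-volume
          mountPath: /cert-volume
  containers:
    - name: app
      image: demo-app:latest   # assumed image
      volumeMounts:
        # The application needs read access only; the Secret itself is not mounted here.
        - name: cert-volume
          mountPath: /cert-volume
          readOnly: true
```

To reproduce the third testing step against this manifest, run `kubectl -n demo exec demo-app -c app -- cat /cert-volume/amazon-cloudwatch-agent/ca.crt`; if the application image ships `openssl`, `openssl x509 -in /cert-volume/amazon-cloudwatch-agent/ca.crt -noout -subject -dates` confirms the file is a parseable certificate rather than just non-empty (note that `openssl x509` only reports the first certificate of a multi-certificate bundle). The init container's checks, the read-only mounts and the non-root security context are hardening choices of this example, not behaviour the PR describes.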

@okankoAMZ okankoAMZ force-pushed the tls-operator branch 2 times, most recently from 238daf1 to a4d8f97 Compare May 2, 2024 21:36
@okankoAMZ okankoAMZ changed the title Tls operator Add TLS certification to operator May 8, 2024
@okankoAMZ okankoAMZ force-pushed the tls-operator branch 3 times, most recently from 9eb6657 to 517a1be Compare May 15, 2024 16:49
Added injection

Adding unit tests

Fixing unit tests

added volume mount

Added separate volume mount for tls

added volume mount unit tests
@okankoAMZ okankoAMZ force-pushed the tls-operator branch 23 times, most recently from e582906 to 9048fd0 Compare May 17, 2024 18:45
@okankoAMZ okankoAMZ force-pushed the tls-operator branch 2 times, most recently from 4dc2373 to a0ec0bf Compare May 17, 2024 19:08
okankoAMZ added 2 commits May 17, 2024 15:22
Changed append structure

Added guard-rails
@okankoAMZ okankoAMZ changed the title Add TLS certification to operator [DO NOT MERGE] Add TLS certification to operator May 17, 2024
@okankoAMZ okankoAMZ marked this pull request as ready for review May 17, 2024 19:46
@lisguo lisguo closed this Jun 12, 2024
@lisguo lisguo deleted the tls-operator branch August 5, 2024 15:51