Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

enable grpc broker work with openshift route and customize certificate. #241

Merged
merged 1 commit into from
Jan 14, 2025
Merged

enable grpc broker work with openshift route and customize certificate. #241

merged 1 commit into from
Jan 14, 2025

Conversation

morvencao
Copy link
Contributor

@morvencao morvencao mentioned this pull request Jan 7, 2025
Closed
@morvencao
Copy link
Contributor Author

/assign @clyang82

clyang82
clyang82 reviewed Jan 13, 2025
View reviewed changes
cmd/maestro/server/grpc_broker.go
check(fmt.Errorf("failed to append broker client CA to cert pool"), "Can't start gRPC broker")
}
tlsConfig.ClientCAs = certPool
tlsConfig.ClientAuth = tls.RequireAndVerifyClientCert
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we use verify-full?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

look like no verify-full, I get this from https://github.com/grpc/grpc-go/blob/master/examples/features/encryption/mTLS/server/main.go#L67C1-L71C3

@clyang82
Copy link
Contributor

/ok-to-test

@morvencao morvencao force-pushed the br_grpc_enhancement branch from c58762f to 9464d47 Compare January 13, 2025 14:52
@morvencao
Copy link
Contributor Author

rebased the code.

clyang82
clyang82 reviewed Jan 14, 2025
View reviewed changes
test/helper.go
@@ -139,6 +139,8 @@ func NewHelper(t *testing.T) *Helper {
// Set the healthcheck interval to 1 second for testing
helper.Env().Config.HealthCheck.HeartbeartInterval = 1
helper.HealthCheckServer = server.NewHealthCheckServer()
// Disable TLS for testing
helper.Env().Config.GRPCServer.DisableTLS = true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do you disable TLS here? I saw you are using OCP serving certs to generate certs.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tls is disabled for integration testing, this is how helper.Env().Config.GRPCServer.DisableTLS = true works.
but for e2e testing, it is enabled, we generate the openshift serving certificate for grpc broker TLS.

@clyang82
Copy link
Contributor

/ok-to-test

clyang82
clyang82 approved these changes Jan 14, 2025
View reviewed changes
Copy link
Contributor

@clyang82 clyang82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@clyang82 clyang82 merged commit 5e1e89c into openshift-online:main Jan 14, 2025
7 checks passed
@morvencao morvencao deleted the br_grpc_enhancement branch January 14, 2025 07:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clyang82 clyang82 clyang82 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@morvencao @clyang82