enable SSL for the SDK pod #285

laverya · 2025-06-02T22:57:49Z

What does this PR do?

This adds SSL support for the pod, and adds a bunch of dagger logging + a new dagger command

Does this PR introduce a user-facing change?

This adds a `tlsCertSecretName` parameter that when set will cause the SDK to serve traffic using the certificate from the named secret within the namespace.

chart/values.yaml

…ble-ssl-for-replicated-sdk-pod

laverya · 2025-06-06T18:22:47Z

Makefile

-	docker push ttl.sh/${USER}/replicated-sdk:24h
-
-	make -C chart build-ttl.sh
+	dagger call test-chart --progress=plain


the files this used to use were deleted with the move to dagger

staciegravy · 2025-06-06T18:30:07Z

pkg/apiserver/server.go

+}
+
+// loadTLSConfig loads TLS certificate and key from a Kubernetes secret
+func loadTLSConfig(clientset kubernetes.Interface, namespace, secretName string) (*tls.Config, error) {


Should we do some certificate validation here? At least check the expiry?

Honestly I don't think so? Is it better to fallback to non-tls, or is it better to just keep serving the provided certificate?

laverya added 2 commits June 2, 2025 18:54

initial TLS attempt

18d5436

remove broken 'make build-ttl.sh' command

061f307

laverya commented Jun 6, 2025

View reviewed changes

chart/values.yaml Outdated Show resolved Hide resolved

laverya added 2 commits June 6, 2025 10:06

Update chart/values.yaml

a4b2dbe

automatically set http/https status probe

a506ba3

laverya added the type::feature label Jun 6, 2025

laverya added 17 commits June 6, 2025 10:23

undo makefile change

0d8e7f3

reinclude build-ttl.sh

315c3a6

print image/chart locations in validate

9e8d950

new dagger command

0c88660

f

40cd6e8

exit logging

88c18ed

more validation logging

0efb1b9

undo test chart related changes

801f980

wait 15 minutes

2d66114

remove redundant logs

be8f9a7

add TLS testing

b0732e2

Merge remote-tracking branch 'origin/main' into laverya/sc-123955/ena…

97cde54

…ble-ssl-for-replicated-sdk-pod

login to registry

540d510

add success log

fa02e5a

remove unneeded param from test-chart call

789e092

fix the build ttl.sh call by making it call dagger instead

79aab5e

push wrapped chart in ttl.sh build, print destination

7cade08

laverya marked this pull request as ready for review June 6, 2025 18:16

laverya commented Jun 6, 2025

View reviewed changes

set the right helm value?

5cf89b7

staciegravy reviewed Jun 6, 2025

View reviewed changes

laverya added 3 commits June 6, 2025 14:48

ensure that the SDK pod is actually serving TLS traffic after update

cdfe05c

yaml...

7314277

fix deployment yaml

847b7ec

laverya added 21 commits June 6, 2025 16:17

apply why?

12dd2ab

logs?

37daba1

bad deployment yaml test

5449a86

stderr?

2eba412

yaml formatting and logging

ccf04d8

print deployment description after timeout

07e1cd5

check if replicated deployment is using https health check

7a6e6b3

delete old pod before waiting for new one

23f4e76

dir?

d82161f

logs and secrets

6e9dade

tls cert creation error checking

3371f3a

pass certs properly?

134e0b7

different type

d884c7d

fix file path

178c362

correct filepath fix?

db11141

secret create command

cf45f57

secret create logging

921765b

run ci again

8e08608

check if a file not existing results in logs

02303e6

chmod +r cert files, only run openshift test

c927b2f

F

20ccef9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

enable SSL for the SDK pod #285

enable SSL for the SDK pod #285

laverya commented Jun 2, 2025 •

edited

Loading

Uh oh!

Uh oh!

laverya Jun 6, 2025

Uh oh!

staciegravy Jun 6, 2025

Uh oh!

laverya Jun 6, 2025

Uh oh!

Uh oh!

enable SSL for the SDK pod #285

Are you sure you want to change the base?

enable SSL for the SDK pod #285

Conversation

laverya commented Jun 2, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What does this PR do?

Does this PR introduce a user-facing change?

Uh oh!

Uh oh!

laverya Jun 6, 2025

Choose a reason for hiding this comment

Uh oh!

staciegravy Jun 6, 2025

Choose a reason for hiding this comment

Uh oh!

laverya Jun 6, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

laverya commented Jun 2, 2025 •

edited

Loading