Skip to content

enable SSL for the SDK pod #285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 46 commits into
base: main
Choose a base branch
from

Conversation

laverya
Copy link
Member

@laverya laverya commented Jun 2, 2025

What does this PR do?

This adds SSL support for the pod, and adds a bunch of dagger logging + a new dagger command

Does this PR introduce a user-facing change?

This adds a `tlsCertSecretName` parameter that when set will cause the SDK to serve traffic using the certificate from the named secret within the namespace.

@laverya laverya marked this pull request as ready for review June 6, 2025 18:16
Comment on lines -62 to +61
docker push ttl.sh/${USER}/replicated-sdk:24h

make -C chart build-ttl.sh
dagger call test-chart --progress=plain
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the files this used to use were deleted with the move to dagger

}

// loadTLSConfig loads TLS certificate and key from a Kubernetes secret
func loadTLSConfig(clientset kubernetes.Interface, namespace, secretName string) (*tls.Config, error) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we do some certificate validation here? At least check the expiry?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly I don't think so? Is it better to fallback to non-tls, or is it better to just keep serving the provided certificate?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants