operator: Disable client certificate authentication on gateway (#6594)

pull/6611/head
Robert Jacob 3 years ago committed by GitHub
parent 7f9536ff96
commit d804e24c26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      operator/CHANGELOG.md
  2. 3
      operator/internal/manifests/gateway_tenants_test.go
  3. 1
      operator/internal/manifests/openshift/configure.go

@ -1,5 +1,6 @@
## Main
- [6594](https://github.com/grafana/loki/pull/6594) **xperimental**: Disable client certificate authentication on gateway
- [6551](https://github.com/grafana/loki/pull/6561) **periklis**: Add operator docs for object storage
- [6549](https://github.com/grafana/loki/pull/6549) **periklis**: Refactor feature gates to use custom resource definition
- [6514](https://github.com/grafana/loki/pull/6514) **Red-GV** Update all pods and containers to be compliant with restricted Pod Security Standard

@ -258,6 +258,7 @@ func TestConfigureDeploymentForMode(t *testing.T) {
"--logs.tail.endpoint=http://example.com",
"--logs.write.endpoint=http://example.com",
fmt.Sprintf("--web.healthchecks.url=https://localhost:%d", gatewayHTTPPort),
"--tls.client-auth-type=NoClientCert",
"--tls.server.cert-file=/var/run/tls/http/tls.crt",
"--tls.server.key-file=/var/run/tls/http/tls.key",
"--tls.healthchecks.server-ca-file=/var/run/ca/service-ca.crt",
@ -429,6 +430,7 @@ func TestConfigureDeploymentForMode(t *testing.T) {
"--logs.tail.endpoint=http://example.com",
"--logs.write.endpoint=http://example.com",
fmt.Sprintf("--web.healthchecks.url=https://localhost:%d", gatewayHTTPPort),
"--tls.client-auth-type=NoClientCert",
"--tls.server.cert-file=/var/run/tls/http/tls.crt",
"--tls.server.key-file=/var/run/tls/http/tls.key",
"--tls.healthchecks.server-ca-file=/var/run/ca/service-ca.crt",
@ -613,6 +615,7 @@ func TestConfigureDeploymentForMode(t *testing.T) {
"--logs.write.endpoint=https://example.com",
fmt.Sprintf("--web.healthchecks.url=https://localhost:%d", gatewayHTTPPort),
"--logs.tls.ca-file=/var/run/ca/service-ca.crt",
"--tls.client-auth-type=NoClientCert",
"--tls.server.cert-file=/var/run/tls/http/tls.crt",
"--tls.server.key-file=/var/run/tls/http/tls.key",
"--tls.healthchecks.server-ca-file=/var/run/ca/service-ca.crt",

@ -98,6 +98,7 @@ func ConfigureGatewayDeployment(
keyFilePath := path.Join(tlsDir, keyFile)
caFilePath := path.Join(caDir, caFile)
gwArgs = append(gwArgs,
"--tls.client-auth-type=NoClientCert",
fmt.Sprintf("--tls.server.cert-file=%s", certFilePath),
fmt.Sprintf("--tls.server.key-file=%s", keyFilePath),
fmt.Sprintf("--tls.healthchecks.server-ca-file=%s", caFilePath),
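Review bot: The added `"--tls.client-auth-type=NoClientCert"` argument in the `gwArgs = append(...)` call is hard-coded, with no comment saying why the gateway stops requesting client certificates or what authenticates callers instead. With this flag the TLS listener only proves the server's identity, so request authentication rests entirely on what the gateway does after the handshake (presumably per-tenant token checks; confirm against the tenant configuration). I would add a comment above the literal, such as `// Client certs are not requested on this listener; callers are authenticated by the gateway's tenant auth (confirm).`, and consider a named constant so this call and the three expectations in gateway_tenants_test.go cannot drift apart. ConfigureGatewayDeployment starts and ends outside the hunk, so it is not visible here whether this branch can be reached in a mode that has no token authentication.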
