From: Krisztian Lengyel Date: Mon, 16 Sep 2019 17:17:10 +0000 (-0400) Subject: Correct TLS settings for custom metrics X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=commitdiff_plain;h=d70c4588d33ec7ae779753e088ccfbb0f0be37a6;p=ta%2Fcaas-install.git Correct TLS settings for custom metrics For some reason apiserver doesn't use it CA cert for APISservice connections, so it requires explicitly setting CA in the `caBundle` field of APIService object. After this TLS verification can be enforced. Depends-On: I50c9df36f3f0f757adcce359beb150d53ef2dc16 Change-Id: I016796751f8ecfb4f0feb69cf4a71379e796177c Signed-off-by: Krisztian Lengyel --- diff --git a/SPECS/infra-charts.spec b/SPECS/infra-charts.spec index aa8f193..8d38306 100644 --- a/SPECS/infra-charts.spec +++ b/SPECS/infra-charts.spec @@ -15,7 +15,7 @@ %define COMPONENT infra-charts %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 1.0.0 -%define RPM_MINOR_VERSION 25 +%define RPM_MINOR_VERSION 26 Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION} diff --git a/SPECS/instantiate.spec b/SPECS/instantiate.spec index 129338e..a0e3632 100644 --- a/SPECS/instantiate.spec +++ b/SPECS/instantiate.spec @@ -15,7 +15,7 @@ %define COMPONENT instantiate %define RPM_NAME caas-%{COMPONENT} %define RPM_MAJOR_VERSION 1.0.0 -%define RPM_MINOR_VERSION 15 +%define RPM_MINOR_VERSION 16 Name: %{RPM_NAME} Version: %{RPM_MAJOR_VERSION} diff --git a/infra-charts/templates/custom-metrics-apiservice.yaml b/infra-charts/templates/custom-metrics-apiservice.yaml index 05bb88e..023b77b 100644 --- a/infra-charts/templates/custom-metrics-apiservice.yaml +++ b/infra-charts/templates/custom-metrics-apiservice.yaml @@ -20,12 +20,13 @@ kind: APIService metadata: name: v1beta1.custom.metrics.k8s.io spec: + caBundle: "{{ .Values.prometheus.ca_bundle }}" service: name: custom-metrics-apiserver namespace: kube-system group: custom.metrics.k8s.io version: v1beta1 - insecureSkipTLSVerify: true + insecureSkipTLSVerify: false groupPriorityMinimum: 100 versionPriority: 100 {{ end }} diff --git a/infra-charts/values.yaml.j2 b/infra-charts/values.yaml.j2 index df7dec5..3a864bd 100644 --- a/infra-charts/values.yaml.j2 +++ b/infra-charts/values.yaml.j2 @@ -40,6 +40,7 @@ custom_metrics_api: container_version: {{ container_image_names | select('search', '/custom_metrics') | list | last | regex_replace('.*:([\\w\\-_\\.]+)$', '\\1') }} server_cert: {{ metrics_cert_b64 }} server_key: {{ metrics_cert_key_b64 }} + ca_bundle: {{ webhooks_ca }} svcwatcher: required: true