New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
rgw: read tls secret hint for insecure tls #9020
Conversation
If we agree on the proposal I'll add unit tests. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about adding the option to cephobjectstore
than in the secret of cert, useincsecureinternal
to something and specify it is only applicable to rook operator in the doc.. The main limitation with cert is that, RGW do support TLS k8s secrets for setting the certs in which adding this option is difficult and same applies for the service serving cert
I'm actually trying to not use a CR setting since I don't want to advocate for this option. I'd like to keep it hidden but still accommodate some users... But I agree it's arguable. I guess it's fine if this does not work with k8s secrets for cert and |
Seems like it should be a CR setting, and just document that it's not recommended. Otherwise, how will the few users that require it even discover the setting? |
I was thinking of adding a comment in our documentation. |
Ok, so anyone reading docs about the secret should at least see the option. It seems reasonable to keep it simple in the secret. |
Indeed. |
@Mergifyio rebase |
✅ Branch has been successfully rebased |
@leseb : Okay then, lets the add require documentation holding all the above information |
f525b69
to
3d35d69
Compare
The clusterInfo has the parent Context so let's use it. Signed-off-by: Sébastien Han <seb@redhat.com>
If the admin wants to use insecure TLS to validate connections to rgw internally, the TLS secret can have another entry "insecureSkipVerify" and set it to "true". Signed-off-by: Sébastien Han <seb@redhat.com>
rgw: read tls secret hint for insecure tls (backport #9020)
Description of your changes:
If the admin wants to use insecure TLS to validate connections to rgw
internally, the TLS secret can have another entry "insecureSkipVerify"
and set it to "true".
Signed-off-by: Sébastien Han seb@redhat.com
Which issue is resolved by this Pull Request:
Resolves #8993
Checklist:
make codegen
) has been run to update object specifications, if necessary.