feat(cardano-node-api): add loadbalancer and secret support for TLS #73
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
verbotenj
commented
Jan 9, 2025
verbotenj
commented
- Add support to adjust Service type to LoadBalancer and ports
- Add Secret support for TLS configuration
- Fix selector matcher to exclude version labels (immutable) during helm upgrade
- Adjust the Service selector to align with Pod labels
verbotenj
force-pushed
the
feat/cardano-node-api
branch
2 times, most recently
from
5fcb56c to
cd36720
Compare
agaffney
reviewed
Jan 9, 2025
charts/cardano-node-api/values.yaml
Outdated
| secret: | ||
| enabled: false | ||
| tlsKey: "" | ||
| tlsCrt: "" |
There was a problem hiding this comment.
This would probably be better like the following:
tls:
enabled: true
key: foo
cert: foo
It's less awkward than secret.enabled for things like setting the HTTPS scheme on the health check
There was a problem hiding this comment.
I had to add the check back. The alternative would be generating a new key/cert pair.
{"level":"fatal","timestamp":"2025-01-09T03:39:56Z","caller":"cardano-node-api/main.go:113","msg":"failed to start gRPC: tls: failed to find any PEM data in certificate input","stacktrace":"main.main\n\t/app/cmd/cardano-node-api/main.go:113\nruntime.main\n\t/usr/lib/go/src/runtime/proc.go:272"}
7e82023 to
18cc749
Compare
agaffney
reviewed
Jan 9, 2025
| apiVersion: v1 | ||
| kind: Secret | ||
| metadata: | ||
| name: {{ include "cardano-node-api.fullname" . }}-wildcard-tls |
There was a problem hiding this comment.
The wildcard doesn't really make sense in this resource name
charts/cardano-node-api/values.yaml
Outdated
| secret: | ||
| enabled: false | ||
| tlsKey: foo | ||
| tlsCrt: foo |
There was a problem hiding this comment.
We should probably have these default to an empty string (or not be defined at all). The foo from my previous comment was just because I was being lazy typing 😁
verbotenj
force-pushed
the
feat/cardano-node-api
branch
from
18cc749 to
06bc188
Compare
Signed-off-by: Ales Verbic <verbotenj@blinklabs.io>
verbotenj
force-pushed
the
feat/cardano-node-api
branch
from
06bc188 to
c2af95b
Compare
agaffney
approved these changes
Jan 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.