-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
fix: mount cert and ca to tempo-query #1038
Conversation
a69324e
to
7ef4fa9
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1038 +/- ##
==========================================
+ Coverage 73.07% 73.10% +0.02%
==========================================
Files 106 106
Lines 6623 6630 +7
==========================================
+ Hits 4840 4847 +7
Misses 1493 1493
Partials 290 290
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
@@ -48,11 +48,11 @@ func BuildQueryFrontend(params manifestutils.Params) ([]client.Object, error) { | |||
|
|||
if gates.HTTPEncryption || gates.GRPCEncryption { | |||
caBundleName := naming.SigningCABundleName(tempo.Name) | |||
if err := manifestutils.ConfigureServiceCA(&d.Spec.Template.Spec, caBundleName, 0, 1); err != nil { | |||
if err := manifestutils.ConfigureServiceCA(&d.Spec.Template.Spec, caBundleName, 0, 1, 2); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the jaeger-query
container use the certificates?
Not strictly related to this PR, but could we use the container name instead of the index of the container in the deployment?
Because of using the index, the TLS volume mounting broke in the first place :| (because the jaeger-query
container was added before the tempo-query
container in the deployment spec).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does the jaeger-query container use the certificates?
I assume no. But I will check.
Not strictly related to this PR, but could we use the container name instead of the index of the container in the deployment?
Sure :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@andreasgerstmayr I have added a quick patch on top to determine the container index based on the container names.
In the long term, this functionality should probably be provided in manifestutils
.
Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de>
7ef4fa9
to
73aad47
Compare
Signed-off-by: Benedikt Bongartz <bongartz@klimlive.de>
Details: https://issues.redhat.com/browse/TRACING-4703