update(falcosidekick): Upgrade to v2.28 #512
Conversation
poiana
added
do-not-merge/work-in-progress
kind/chart-release
Issif
changed the title
|
Can you update this PR with this last feature, I'll review then falcosecurity/falcosidekick#565 Thanks |
Lowaiz
force-pushed
the
update/falcosidekick-2.28
branch
from
b37d993
to
039e4c6
Compare
|
Updated to the last merged PR. |
Lowaiz
force-pushed
the
update/falcosidekick-2.28
branch
from
7e8813d
to
443ab5d
Compare
Signed-off-by: Lyonel Martinez <[email protected]>
Lowaiz
force-pushed
the
update/falcosidekick-2.28
branch
from
443ab5d
to
b5041fa
Compare
Lowaiz
changed the title
| - name: MUTUALTLSFILESPATH | ||
| value: {{ .Values.config.mutualtlsfilespath | quote }} | ||
| - name: MUTUALTLSCLIENT_CERTFILE | ||
| value: {{ .Values.config.mutualtlsclient.certfile | quote }} | ||
| - name: MUTUALTLSCLIENT_KEYFILE | ||
| value: {{ .Values.config.mutualtlsclient.keyfile | quote }} | ||
| - name: MUTUALTLSCLIENT_CACERTFILE | ||
| value: {{ .Values.config.mutualtlsclient.cacertfile | quote }} | ||
| - name: TLSSERVER_DEPLOY | ||
| value: {{ .Values.config.tlsserver.deploy | quote }} | ||
| - name: TLSSERVER_CERTFILE | ||
| value: {{ .Values.config.tlsserver.certfile | quote }} | ||
| - name: TLSSERVER_KEYFILE | ||
| value: {{ .Values.config.tlsserver.keyfile | quote }} | ||
| - name: TLSSERVER_CACERTFILE | ||
| value: {{ .Values.config.tlsserver.cacertfile | quote }} |
There was a problem hiding this comment.
We need to go further, as nothing is already there to add the cert and key files, these settings are useless. We need to mount secrets as volumes.
There was a problem hiding this comment.
Does including TLS and mTLS server configs is a repetition of the ingress job ?
With the way of doing thing inside Kubernetes, do we need to let the possibility to activate this kind of feature inside the pod ?
There was a problem hiding this comment.
I think the best method to handle the TLS and mTLS use cases, for the chart, is to use the Ingress options and not let these 2 happen in the pod.
There was a problem hiding this comment.
Some users expect the pods to communicate with TLS, but OK. Let's keep as is for now.
| # -- CA certification file for client certification if mutualtls is true | ||
| cacertfile: "/etc/certs/server/ca.crt" | ||
| # -- port to serve http server serving selected endpoints | ||
| notlsport: 2810 |
There was a problem hiding this comment.
we need to open this port in the service and ingress with the excluded paths from TLS
Signed-off-by: Lyonel Martinez <[email protected]>
Lowaiz
force-pushed
the
update/falcosidekick-2.28
branch
from
e41e56c
to
7a69b1e
Compare
|
LGTM label has been added. Git tree hash: 630f9b68a0a4eaf0b55f8f74e8d61413d6494752
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Issif, Lowaiz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@Lowaiz can you open the PR for the falco chart now please? |
What type of PR is this?
/kind feature
/kind chart-release
Any specific area of the project related to this PR?
/area falcosidekick-chart
What this PR does / why we need it:
Update values, env and secrets to fit new features of the next falcosidekick update
Which issue(s) this PR fixes:
None
Special notes for your reviewer:
Ping to @Issif, with the large milestone that v2.28 is, I think that might help a little bit.
Checklist