Closed rahearn closed 1 year ago
I verified this works in notify's sandbox environment for both new relic and AWS service connections. Marking as ready for review but I'll also be deploying it to our staging environment soon if we want a longer run of use before merging.
I tagged @GSA/data-gov-support for a review of this. Will regroup on the ramifications to data.gov systems for moving this to the GSA-TTS org as @mogul has suggested.
Looks like a lot of great work here, nice job!
I'm trying to follow along at home and it looks like this would do away with managing certs within the proxy. On datagov we have an action that restarts egress daily as there was historically an issue with certs expiring. Admittedly, we haven't revisited this issue, but this may allow us to remove that.
You should not have seen that issue recurring since this earlier fix that Ryan submitted!
@mogul and/or @btylerburton did we get our approving rights figured out on this repo yet?
I added @GSA-TTS/cg-contributors as Admin on the repository, and I left an approval, which seems to count:
The PR still wants a review from the data.gov team. I wasn't able to cancel that request, but I don't think it's actually blocking merge. Instead:
This PR does 2 things:
1) includes native TLS termination work @mogul started in #9
2) includes 61443 in the list of allowed ports.
For reasons I'm not entirely clear on, New Relic (at least the python flavor) cannot connect to its collector without the proxy allowing connections to itself in addition to `gov-collector.newrelic.com`. Adding `*.apps.internal` can be done for each app in their `allow.acl` file, but the `ports` change needs to be made here.
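The comment above describes two separate controls that both have to pass before the proxy forwards a connection: the per-app host allowlist (`allow.acl`) and the proxy-wide list of permitted destination ports. The following is an added illustration, not code from this PR or from the proxy project, of why adding `*.apps.internal` to an app's ACL is not enough on its own. The ACL syntax, the `host_allowed`/`egress_allowed`/`explain` names and the sample values are assumptions made for the example; the real `allow.acl` format is not shown on this page.

```python
"""Toy egress-allowlist evaluator (added illustration, not the proxy's own code).

Models the two controls the PR discussion refers to: a per-app host
allowlist (the "allow.acl" file) and a proxy-wide set of permitted
destination ports. A request is forwarded only when BOTH controls pass.
"""
from __future__ import annotations

from fnmatch import fnmatchcase

# Constructed sample: proxy-wide allowed ports before and after this PR.
PORTS_BEFORE = {443}
PORTS_AFTER = {443, 61443}

# Constructed sample: an app's allow.acl contents as a list of host patterns.
# Hypothetical format; the real allow.acl syntax is not shown on the page.
ACL_COLLECTOR_ONLY = ["gov-collector.newrelic.com"]
ACL_WITH_INTERNAL = ["gov-collector.newrelic.com", "*.apps.internal"]


def host_allowed(host: str, acl: list[str]) -> bool:
    """True if the destination host matches any pattern in the app's ACL.

    Patterns use shell-style wildcards. A leading '*.' matches subdomains
    only, never the bare apex, so '*.apps.internal' does not admit
    'apps.internal' itself, and a suffix such as '.attacker.example' is
    rejected because the whole hostname must match the pattern.
    """
    host = host.lower().rstrip(".")
    return any(fnmatchcase(host, pattern.lower()) for pattern in acl)


def egress_allowed(host: str, port: int, acl: list[str], ports: set[int]) -> bool:
    """Forward only if both the host ACL and the port allowlist permit it."""
    return port in ports and host_allowed(host, acl)


def explain(host: str, port: int, acl: list[str], ports: set[int]) -> str:
    """Report which control denied the request, for proxy log or debug output."""
    if port not in ports:
        return f"denied: port {port} not in allowed ports {sorted(ports)}"
    if not host_allowed(host, acl):
        return f"denied: host {host} matches no ACL pattern"
    return "allowed"


if __name__ == "__main__":
    # Walk through the situation described in the PR comment.
    for acl, ports, label in [
        (ACL_COLLECTOR_ONLY, PORTS_BEFORE, "collector-only ACL, ports before PR"),
        (ACL_WITH_INTERNAL, PORTS_BEFORE, "ACL with *.apps.internal, ports before PR"),
        (ACL_WITH_INTERNAL, PORTS_AFTER, "ACL with *.apps.internal, ports after PR"),
    ]:
        print(label)
        print("  collector :443   ->", explain("gov-collector.newrelic.com", 443, acl, ports))
        print("  myapp.apps.internal:61443 ->", explain("myapp.apps.internal", 61443, acl, ports))
```

Running the block shows the sequence from the comment: with the app's ACL updated but the old port list, the connection to `myapp.apps.internal:61443` is still denied by the port check, and only once 61443 is in the proxy-wide list does it pass.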