operator-framework / rukpak

RukPak runs in a Kubernetes cluster and defines APIs for installing cloud native content
Apache License 2.0

Update certificate support #920

Closed tmshort closed 3 months ago

tmshort commented 3 months ago

Remove rootCAs from the NewDefaultUnpacker API, the argument is no longer used for HTTP transport.

Add CertificateData to the ImageSource struct. This is PEM-encoded data (straight from a Secret[tls.crt]) to be used to validate the certificate used to access an image registry (works alongside the InsecureSkipTLSVerify option).

tmshort commented 3 months ago

This is necessary to get certs to work on a per-ClusterExtension basis for an image registry. The CertificateData is PEM to avoid rukpak having to look up secrets, etc. The creator of the BundleDeployment needs to do the lookup, etc. The default is to use system provided CAs, and those are included even if CertificateData is specified.

codecov[bot] commented 3 months ago

Codecov Report

Attention: Patch coverage is 0% with 17 lines in your changes missing coverage. Please review.

Project coverage is 14.42%. Comparing base (352d42f) to head (c8117d8). Report is 4 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| pkg/source/image_registry.go | 0.00% | 14 Missing :warning: |
| cmd/core/main.go | 0.00% | 1 Missing :warning: |
| cmd/helm/main.go | 0.00% | 1 Missing :warning: |
| pkg/source/unpacker.go | 0.00% | 1 Missing :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##             main     #920      +/-   ##
==========================================
- Coverage   14.44%   14.42%   -0.03%
==========================================
  Files          41       41
  Lines        2554     2558       +4
==========================================
  Hits          369      369
- Misses       2128     2132       +4
  Partials       57       57
```


tmshort commented 3 months ago

The code is tested in the e2e, but that doesn't count toward code coverage.