Enable MTLS memcached auth#537
Enable MTLS memcached auth#537openshift-merge-bot[bot] merged 1 commit intoopenstack-k8s-operators:mainfrom
Conversation
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/e511b44b220640d5aea13c8f405b486b ❌ openstack-k8s-operators-content-provider FAILURE in 8m 26s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/e15d39af00cc4ee5a1e2adb8ef4f465d ❌ openstack-k8s-operators-content-provider FAILURE in 8m 55s |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/df73549d3369427784e7f57a8fdc49df ❌ openstack-k8s-operators-content-provider FAILURE in 9m 25s |
|
recheck |
|
Build failed (check pipeline). Post https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/26ef219f74804d1186840b29d1c283b9 ❌ openstack-k8s-operators-content-provider FAILURE in 7m 40s |
This commit allows operators to use mtls as an authentication method against Memcached. Heat controllers will detect the presence of a purposely-created mtls certificate (authCertSecret) and use this to configure the [keystone_authtoken] section accordingly. Additional volumes/volumemounts will be appended to each pod. Note that this commit switches from MemcachedServersWithInet to MemcachedServers as keystone-middleware uses oslo.cache and as such there is no need to use "[]" to enclose the list of memcached servers even for ipv6.
|
Still lgtm fwiw. |
|
@bshephar: changing LGTM is restricted to collaborators DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bshephar, lmiccini, slagle, stuggi The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-bot
bot
merged commit c47cd9e
into
openstack-k8s-operators:main
5 participants
This commit allows operators to use mtls as an authentication method against Memcached.
Heat controllers will detect the presence of a purposely-created mtls certificate (authCertSecret) and use this to configure the [cache] and [keystone_authtoken] sections accordingly.
Additional volumes/volumemounts will be appended to each pod.
Note that this commit switches from MemcachedServersWithInet to MemcachedServers since keystone-middleware now uses pymemcache when tls=true and there is no need to use "[]" to enclose the list of memcached servers even for ipv6.