netobserv-ebpf-agent

NETOBSERV-1101: secure GRPC connection

Open jotak opened this issue 2 years ago • 4 comments

  • Add TLS and mTLS configuration to allow secure GRPC (when not using Kafka), on the same model as Kafka TLS
  • Log a warning when insecure is used

(opening as draft as I did not test yet)

Related PRs:

  • FLP: https://github.com/netobserv/flowlogs-pipeline/pull/469
  • Operator: WIP

jotak, Jul 31 '23 10:07

@jotak: This pull request references NETOBSERV-1101 which is a valid jira issue.

In response to this:

  • Add TLS and mTLS configuration to allow secure GRPC (when not using Kafka), on the same model as Kafka TLS
  • Log a warning when insecure is used

(opening as draft as I did not test yet)


openshift-ci-robot, Jul 31 '23 10:07

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

Once this PR has been reviewed and has the lgtm label, please ask for approval from jotak. For more information see the Kubernetes Code Review Process.


openshift-ci[bot], Jul 31 '23 10:07

Codecov Report

Attention: Patch coverage is 20.00000% with 32 lines in your changes missing coverage. Please review.

Project coverage is 38.33%. Comparing base (8150ccc) to head (7fda953). Report is 203 commits behind head on main.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| pkg/agent/tls.go | 0.00% | 21 Missing :warning: |
| pkg/agent/agent.go | 0.00% | 8 Missing :warning: |
| pkg/grpc/client.go | 66.66% | 1 Missing and 2 partials :warning: |

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #166      +/-   ##
==========================================
- Coverage   38.66%   38.33%   -0.34%     
==========================================
  Files          31       31              
  Lines        2255     2280      +25     
==========================================
+ Hits          872      874       +2     
- Misses       1334     1355      +21     
- Partials       49       51       +2     
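
Review bot: the Misses row grows by 21 while the table above lists pkg/agent/tls.go at 0.00% with 21 lines missing and pkg/agent/agent.go at 0.00% with 8 missing, so the TLS code in this PR is not exercised by the unit tests at all. Suggest adding tests for pkg/agent/tls.go before this leaves draft, covering both the TLS/mTLS configuration paths and the insecure path that the description says should log a warning.
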
| Flag | Coverage Δ |
|---|---|
| unittests | 38.33% <20.00%> (-0.34%) :arrow_down: |

Flags with carried forward coverage won't be shown.

| Files with missing lines | Coverage Δ |
|---|---|
| pkg/exporter/grpc_proto.go | 73.91% <100.00%> (ø) |
| pkg/grpc/client.go | 61.90% <66.66%> (-6.85%) :arrow_down: |
| pkg/agent/agent.go | 37.07% <0.00%> (-0.78%) :arrow_down: |
| pkg/agent/tls.go | 0.00% <0.00%> (ø) |

codecov[bot], Jul 31 '23 10:07

@jotak: This pull request references NETOBSERV-1101 which is a valid jira issue.

In response to this:

  • Add TLS and mTLS configuration to allow secure GRPC (when not using Kafka), on the same model as Kafka TLS
  • Log a warning when insecure is used

(opening as draft as I did not test yet)

Related PRs:

  • FLP: https://github.com/netobserv/flowlogs-pipeline/pull/469
  • Operator: WIP


openshift-ci-robot, Aug 01 '23 17:08