Ingress tls1.3 [WIP]

Open jschaul opened this issue 4 years ago • 0 comments

https://wearezeta.atlassian.net/browse/FS-33

Version support: https://github.com/kubernetes/ingress-nginx#support-versions-table

This PR, once working (still WIP):

  • allows TLS 1.3 connections (while maintaining TLS 1.2 support)
  • upgrades the nginx-ingress chart to a recent version that supports TLS 1.3. This, as a result, requires Kubernetes >= 1.19 (added a changelog entry for that)
  • Any overrides will need to be adjusted (added a changelog entry for that)

Current issues:

  • Error: Service "test-bw4377dj3tiz-ic-2-ingress-nginx-controller" is invalid: spec.ports[0].nodePort: Invalid value: 31772: provided port is already allocated
    Seems like we can't do an in-place upgrade with helm on the existing controller; instead a migration needs to be devised & documented.

TODO:

  • [ ] test on different k8s versions
  • [ ] maybe also update API version of ingress definitions to match k8s 1.19+

Checklist

  • [x] The PR Title explains the impact of the change.
  • [x] The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a GitHub issue, if there is one.
  • [x] changelog.d contains the following bits of information:
    • [x] A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.

jschaul, Nov 08 '21 21:11