Wait for handler startup until TLS has been established #321

Closed


RemcoBuddelmeijer

Adds the logic needed for toggle-able server wait. This prevents errors from any requests being sent to the HTTP server, most notably the kubelet or the kube-api.

Linked issue(s)
#320

Add a Mutex before starting the handler and if certificate has not been updated yet: unlock the mutex.
Simple solution without overuse of channels. Kept in function scope to prevent clutter and keep the ownership locally.
Check the TLS minimum version and cipher suites before waiting for certificates to be loaded in.
This prevents longer startup times when misconfigured.
Add the flag server-wait-for-tls-cert to be able to toggle the behaviour of waiting for the TLS to be updated before starting HTTP server.
Change split_words to envconfig to maintain the _tls_ instead of t_l_s
Add AGENT_INJECT_SERVER_WAIT_FOR_TLS_CERT environment variable with default to true
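
An added illustration of the behaviour described above, not code from this pull request or from #354: startup blocks until a first certificate has been stored, and a boolean stands in for the `server-wait-for-tls-cert` toggle. It uses only the Go standard library; `certGate` and its methods are hypothetical names.

```go
package main

import (
	"context"
	"crypto/tls"
	"errors"
	"fmt"
	"sync"
	"sync/atomic"
)

// certGate is a hypothetical type; ready is closed once the first certificate is stored.
type certGate struct {
	cert  atomic.Pointer[tls.Certificate]
	once  sync.Once
	ready chan struct{}
}

// Set stores a certificate; the first call releases every waiter, later calls only rotate.
func (g *certGate) Set(c *tls.Certificate) {
	g.cert.Store(c)
	g.once.Do(func() { close(g.ready) })
}

// Wait blocks until a certificate exists or ctx ends; wait=false (toggle off) returns at once.
func (g *certGate) Wait(ctx context.Context, wait bool) error {
	if !wait {
		return nil
	}
	select {
	case <-g.ready:
		return nil
	case <-ctx.Done():
		return ctx.Err()
	}
}

// GetCertificate fits tls.Config.GetCertificate; the handshake fails if nothing is loaded.
func (g *certGate) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	if c := g.cert.Load(); c != nil {
		return c, nil
	}
	return nil, errors.New("no certificate loaded yet")
}

func main() {
	g := &certGate{ready: make(chan struct{})}
	go g.Set(&tls.Certificate{}) // constructed stand-in for the certificate watcher
	fmt.Println("wait error:", g.Wait(context.Background(), true))
}
```

With the toggle off the listener can start before any certificate exists, so `GetCertificate` returning an error is what keeps early handshakes failing cleanly instead of being served without a certificate.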
@RemcoBuddelmeijer RemcoBuddelmeijer marked this pull request as draft February 26, 2022 21:24
Author

RemcoBuddelmeijer commented Feb 26, 2022

Back in draft to migrate sync.Cond to semaphore.Weighted alternative

Rather than using a condition decided to use a semaphore.
Mutexes aren't meant for wait-conditions, yet the calls made are less than
with a semaphore. Decided to neglect that and go with semaphores.
@RemcoBuddelmeijer RemcoBuddelmeijer marked this pull request as ready for review February 27, 2022 10:08

hashicorp-cla commented Mar 12, 2022

CLA assistant check
All committers have signed the CLA.

Member

tvoran commented May 25, 2022

Thanks for the patch here, though we decided to go with a channel-based approach in #354.

@tvoran tvoran closed this May 25, 2022
@RemcoBuddelmeijer RemcoBuddelmeijer deleted the feature/wait-for-cert branch May 25, 2022 23:19