Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(ExternalService): add skip hostname verification for external services #7633

Merged
merged 12 commits into from
Sep 18, 2023
Merged

feat(ExternalService): add skip hostname verification for external services #7633

merged 12 commits into from
Sep 18, 2023

Conversation

alparslanavci
Copy link
Contributor

@alparslanavci alparslanavci commented Sep 4, 2023
edited
Loading

The external services were automatically doing verification for hostnames on TLS certificates when TLS was enabled. This update adds a flag to the external service definition to skip this verification. By default, it is false.

Fix #7121

Checklist prior to review

  • Link to relevant issue as well as docs and UI issues --
  • This will not break child repos: it doesn't hardcode values (.e.g "kumahq" as a image registry) and it will work on Windows, system specific functions like syscall.Mkfifo have equivalent implementation on the other OS --
  • Tests (Unit test, E2E tests, manual test on universal and k8s) --
  • Do you need to update UPGRADE.md? --
  • Does it need to be backported according to the backporting policy? (this GH action will add "backport" label based on these file globs, if you want to prevent it from adding the "backport" label use no-backport-autolabel label) --
  • Do you need to explicitly set a > Changelog: entry here or add a ci/ label to run fewer/more tests?

@alparslanavci
feat(xds): add skip hostname verification for external services
224d397 
The external services were automatically doing verification for
hostnames on TLS certificates when TLS is enabled. This update
adds a flag to the external service definition to skip this
verification. By default, it is false.

Fix kumahq#7121

Signed-off-by: Alparslan Avci <[email protected]>
@alparslanavci alparslanavci requested a review from a team as a code owner September 4, 2023 08:42
@alparslanavci alparslanavci requested review from Automaat and bartsmykla and removed request for a team September 4, 2023 08:42
lukidzi
lukidzi requested changes Sep 7, 2023
View reviewed changes
Copy link
Contributor

@lukidzi lukidzi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution. I left a comment to change the field number

@alparslanavci
Copy link
Contributor Author

Thanks for the review, @lukidzi!

I pushed a commit to update it. I'll appreciate it if you can have a look at it again. After the merge, I'll also send a PR to the docs repo.

@alparslanavci
Copy link
Contributor Author

Hi @lukidzi, should I need to do anything for this PR? Please let me know if so!

@lukidzi lukidzi merged commit c3c3fb5 into kumahq:master Sep 18, 2023
@lukidzi
Copy link
Contributor

lukidzi commented Sep 18, 2023
edited
Loading

Merged, thanks for the contribution 👍 @alparslanavci

@lahabana lahabana changed the title feat(xds): add skip hostname verification for external services feat(ExternalService): add skip hostname verification for external services Nov 3, 2023
@BrewTestBot BrewTestBot mentioned this pull request Nov 15, 2023
Merged
@jakubdyszkiewicz jakubdyszkiewicz mentioned this pull request Jan 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lukidzi lukidzi lukidzi approved these changes

@Automaat Automaat Awaiting requested review from Automaat Automaat is a code owner automatically assigned from kumahq/kuma-maintainers

@bartsmykla bartsmykla Awaiting requested review from bartsmykla bartsmykla is a code owner automatically assigned from kumahq/kuma-maintainers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Skip hostname verification for external services
2 participants
@alparslanavci @lukidzi