Skip to content

feat(images): fetch TLS certificate from secret for upload endpoints#2235

Merged
hardcoretime merged 1 commit into
mainfrom
feat/images/upload-tls-cert-retrieval
Apr 20, 2026
Merged

feat(images): fetch TLS certificate from secret for upload endpoints#2235
hardcoretime merged 1 commit into
mainfrom
feat/images/upload-tls-cert-retrieval

Conversation

@hardcoretime
Copy link
Copy Markdown
Contributor

@hardcoretime hardcoretime commented Apr 17, 2026
edited by Isteb4k
Loading

Description

Added TLS certificate retrieval from secrets for upload endpoints to fix TLS verification errors when using self-signed certificates.

Why do we need it, and what problem does it solve?

When the cluster uses a self-signed certificate for the ingress controller, the IsUploaderReady function fails with TLS verification error because it doesn't have access to the TLS secret containing the CA certificate. This prevents users from uploading images through the upload endpoint.

The fix retrieves the TLS secret from the cluster and passes it to the IsUploaderReady function, enabling proper TLS verification.

What is the expected result?

Upload endpoints work correctly with TLS verification, even when the ingress controller uses self-signed certificates. The implementation also supports legacy naming of TLS secrets for backward compatibility.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

feat(images): fetch TLS certificate from secret for upload endpoints
a8a7bf5 
Signed-off-by: Roman Sysoev <roman.sysoev@flant.com>
@hardcoretime hardcoretime added this to the v1.8.0 milestone Apr 17, 2026
@hardcoretime hardcoretime marked this pull request as ready for review April 17, 2026 23:11
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Apr 17, 2026
@deckhouse-BOaTswain
Copy link
Copy Markdown
Contributor

deckhouse-BOaTswain commented Apr 17, 2026
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
@deckhouse-BOaTswain
Copy link
Copy Markdown
Contributor

deckhouse-BOaTswain commented Apr 18, 2026
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
@hardcoretime hardcoretime merged commit 11a116d into main Apr 20, 2026
131 of 138 checks passed
@hardcoretime hardcoretime deleted the feat/images/upload-tls-cert-retrieval branch April 20, 2026 08:07
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Apr 17, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LopatinDmitr LopatinDmitr LopatinDmitr approved these changes

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

Assignees

@hardcoretime hardcoretime

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

3 participants

@hardcoretime @deckhouse-BOaTswain @LopatinDmitr