Analyze Resource | Fix CA Changes (To Use Unsecured Agent)#2015
Conversation
Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (3)
📝 WalkthroughWalkthroughThe analyze-resource Kubernetes Job manifest is updated to disable automatic service account token mounting and to stop propagating the NODE_EXTRA_CA_CERTS environment variable. The embedded bundle copy of this manifest and the Go code that sets job network environment variables are updated to match. ChangesAnalyze Job hardening and env var removal
Estimated code review effort: 1 (Trivial) | ~5 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Describe the Problem
While I worked on another feature, I noticed an error in the setup when using s3-compatible (OBM COS) with the changes that were made regarding the TLS (noobaa/noobaa-core#9395).
Explain the changes
automountServiceAccountToken: falsein the analyze resource job.NODE_EXTRA_CA_CERTSas it is not used in noobaa-core anymore.Issues:
self-signed certificate in certificate chain.reference:
https://github.com/noobaa/noobaa-core/blob/646bdc10b8565d4486becda601642eb7cb753ce0/src/util/http_utils.js#L39-L40
Testing Instructions:
nb diagnostics analyze backingstore noobaa-default-backing-store -n openshift-storage(expect all tests to pass).Summary by CodeRabbit
Bug Fixes
Chores