[SECURESIGN-570] Rekor add options to set trillian_log_server #196

Merged: 1 commit, Jun 17, 2024

@tommyd450 tommyd450 commented Feb 20, 2024

#79
First actual pass at a PR for this. Creating the YAML with the "externalTrillian" field added, as well as providing the treeID of that Trillian instance, seemingly worked, though I would love for someone else to take a brief look.

My process for testing this was installing the Helm chart, pointing the operator's rekor-server at the trillian-system namespace, and providing its TreeID.

@osmman osmman left a comment

I think it will be better to change the API to something like this:

spec:
   trillian:
      address: trillian.example.com
      port: 8091

The current state has the problem that the Trillian instance has to be installed in the same cluster as Rekor, which is an unnecessary limitation. It will be much more flexible, for example:

  • set ip address instead of dns record
  • usage of API Gateway
  • external DNS name

You can set address and port default values to make default deployment simple and configure these options if changes are required.
Default values:

  • address = trillian-logserver.svc
  • port = 8091
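
The defaulting proposed in the review comment above, as an added Go example that is not code from this PR or from the operator. The `TrillianService` type and `ResolveTrillianEndpoint` function are hypothetical names, and the rule that `address` must be a bare host (no URL, no embedded port) is an assumption made for this example.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// TrillianService is a hypothetical stand-in for the proposed spec.trillian block.
type TrillianService struct {
	Address string // DNS name or IP address; empty selects the default
	Port    *int32 // nil selects the default
}

// Defaults taken from the review comment.
const (
	defaultAddress = "trillian-logserver.svc"
	defaultPort    = int32(8091)
)

// ResolveTrillianEndpoint applies the defaults and returns a dialable host:port.
// Assumption: address is a bare host, so URLs and embedded ports are rejected.
func ResolveTrillianEndpoint(s TrillianService) (string, error) {
	addr := strings.TrimSpace(s.Address)
	if addr == "" {
		addr = defaultAddress
	}
	if strings.ContainsAny(addr, "/@ \t") {
		return "", fmt.Errorf("address %q must be a bare host name or IP", addr)
	}
	// A colon is only legal inside an IPv6 literal, never as host:port.
	if strings.Contains(addr, ":") && net.ParseIP(addr) == nil {
		return "", fmt.Errorf("address %q must not include a port", addr)
	}
	port := defaultPort
	if s.Port != nil {
		port = *s.Port
	}
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("port %d out of range 1-65535", port)
	}
	return net.JoinHostPort(addr, strconv.Itoa(int(port))), nil
}

func main() {
	fmt.Println(ResolveTrillianEndpoint(TrillianService{})) // defaults only
}
```

Rejecting a malformed address when the resource is validated keeps a typo or a pasted URL from silently pointing Rekor at an unintended log backend.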

osmman commented Feb 20, 2024

I think that you can skip the Helm chart for testing it and use only the Operator. It should be possible to install Trillian and Rekor separately via the Operator CRD.

Trillian in the trillian-system namespace

apiVersion: rhtas.redhat.com/v1alpha1
kind: Trillian
metadata:
  name: example
  namespace: trillian-system
spec:
  database:
    create: true

Rekor in the rekor-system namespace

apiVersion: rhtas.redhat.com/v1alpha1
kind: Rekor
metadata:
  name: example
  namespace: rekor-system
spec:
  trillian:
    address: trillian-server.trillian-system.svc

@tommyd450 tommyd450 force-pushed the RekorConfigTril branch 3 times, most recently from 887fb36 to 915a219 Compare February 27, 2024 11:41
@tommyd450 tommyd450 requested a review from osmman February 27, 2024 12:15
@tommyd450 commented

/retest

@osmman osmman force-pushed the RekorConfigTril branch 5 times, most recently from 779d721 to 3a44319 Compare June 3, 2024 15:11
@osmman osmman force-pushed the RekorConfigTril branch 2 times, most recently from 3ac2412 to 2af8eec Compare June 3, 2024 15:48
@osmman osmman requested review from bouskaJ June 4, 2024 06:59
@osmman osmman force-pushed the RekorConfigTril branch 2 times, most recently from 02f11e4 to 09b1954 Compare June 6, 2024 07:53
@osmman osmman force-pushed the RekorConfigTril branch from 09b1954 to e0a181c Compare June 13, 2024 10:32
@openshift-ci openshift-ci bot removed the lgtm label Jun 13, 2024
@osmman osmman requested a review from bouskaJ June 13, 2024 11:03
openshift-ci bot commented Jun 17, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bouskaJ, osmman, tommyd450

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [bouskaJ,osmman,tommyd450]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit e7aacb3 into main Jun 17, 2024
11 checks passed
@osmman osmman deleted the RekorConfigTril branch June 17, 2024 14:03