Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add capability to disable TLS warning #180

Open
imclem opened this issue Apr 4, 2023 · 2 comments
Open

Add capability to disable TLS warning #180

imclem opened this issue Apr 4, 2023 · 2 comments
Labels
hint/good first issue Someone new could handle this hint/help wanted Someone else needs to handle this priority/3 low This would be nice to have

Comments

@imclem
Copy link

imclem commented Apr 4, 2023

Hi 👋

I'm running a spicedb cluster, and I'm getting a warning in the Status.Conditions of the cluster because TLS is not configured. I would like to be able to remove this warning, I'm running spicedb internally, nothing is exposed to the outside world, there should be no security issue without tls.

Here's the output of describing the cluster:

Name:         spicedb-mycoach-infrastructure
Namespace:    default
Labels:       app.kubernetes.io/managed-by=Helm
Annotations:  meta.helm.sh/release-name: mycoach-infrastructure
              meta.helm.sh/release-namespace: default
API Version:  authzed.com/v1alpha1
Kind:         SpiceDBCluster
Metadata:
  Creation Timestamp:  2023-03-23T17:26:40Z
  Generation:          2
  Managed Fields:
    API Version:  authzed.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          f:meta.helm.sh/release-name:
          f:meta.helm.sh/release-namespace:
        f:labels:
          f:app.kubernetes.io/managed-by:
      f:status:
        f:conditions:
        f:currentMigrationHash:
        f:image:
        f:migration:
        f:observedGeneration:
        f:secretHash:
        f:targetMigrationHash:
        f:version:
          f:attributes:
          f:channel:
          f:name:
    Manager:      spicedb-operator
    Operation:    Apply
    Subresource:  status
    Time:         2023-04-04T08:03:28Z
    API Version:  authzed.com/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:meta.helm.sh/release-name:
          f:meta.helm.sh/release-namespace:
        f:labels:
          .:
          f:app.kubernetes.io/managed-by:
      f:spec:
        .:
        f:channel:
        f:config:
          .:
          f:datastoreEngine:
          f:replicas:
        f:secretName:
        f:version:
    Manager:         Go-http-client
    Operation:       Update
    Time:            2023-03-23T17:57:48Z
  Resource Version:  332941291
  UID:               3fd90ca2-f928-4fc1-bb16-326def7e6ae6
Spec:
  Channel:  stable
  Config:
    Datastore Engine:  mysql
    Replicas:          3
  Secret Name:         spicedb-mycoach-infrastructure
  Version:             v1.18.0
Status:
  Conditions:
    Last Transition Time:  2023-03-23T17:26:40Z
    Message:               no TLS configured, consider setting "tlsSecretName"
    Reason:                WarningsPresent
    Status:                True
    Type:                  ConfigurationWarning
  Current Migration Hash:  n698hch68ch65h544h67fh9ch6q
  Image:                   ghcr.io/authzed/spicedb:v1.18.0
  Migration:               add_caveat
  Observed Generation:     2
  Secret Hash:             n645h599h694hd6h96h547h695h688q
  Target Migration Hash:   n698hch68ch65h544h67fh9ch6q
  Version:
    Attributes:
      migration
    Channel:  stable
    Name:     v1.18.0

And the status condition:

Status:
  Conditions:
    Last Transition Time:  2023-03-23T17:26:40Z
    Message:               no TLS configured, consider setting "tlsSecretName"
    Reason:                WarningsPresent
    Status:                True
    Type:                  ConfigurationWarning

Thanks

@ecordell ecordell added hint/good first issue Someone new could handle this hint/help wanted Someone else needs to handle this priority/3 low This would be nice to have labels Apr 4, 2023
@jawnsy
Copy link
Contributor

jawnsy commented Aug 25, 2023

It's perhaps worth noting here that TLS is not really optional for some clients, due to authzed/authzed-py#89

@akoserwal
Copy link

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
hint/good first issue Someone new could handle this hint/help wanted Someone else needs to handle this priority/3 low This would be nice to have
Projects
None yet
Development

No branches or pull requests

4 participants