Skip to content

HIVE-3007: hiveadmission: TLS config from APIServer #2800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
2uasimojo wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

HIVE-3007: hiveadmission: TLS config from APIServer #2800

2uasimojo wants to merge 1 commit into from

Conversation

@2uasimojo
Copy link
Member

@2uasimojo 2uasimojo commented Nov 26, 2025

Honor global TLS configuration by discovering TLS minimum version and cipher suites from the APIServer cluster object and adding their respective arguments to the hiveadmission Deployment.

Assisted-By: The Claude (claude-sonnet-4-5@20250929)

Claude helped me figure out minimal implementations for the Listers and Recorder I needed to invoke library-go's
ObserveTLSSecurityProfileToArguments() function. (I feel like I shouldn't have had to create whole implementations to make this work. But maybe it's because this repo is using archaic mechanisms to interact with the KAS.)

@2uasimojo
HIVE-3007: hiveadmission: TLS config from APIServer
55f9929 
Honor global TLS configuration by discovering TLS minimum version and
cipher suites from the `APIServer cluster` object and adding their
respective arguments to the hiveadmission Deployment.

Assisted-By: The Claude (claude-sonnet-4-5@20250929)

Claude helped me figure out minimal implementations for the Listers and
Recorder I needed to invoke library-go's
`ObserveTLSSecurityProfileToArguments()` function. (I feel like I
shouldn't have had to create whole implementations to make this work.
But maybe it's because this repo is using archaic mechanisms to interact
with the KAS.)
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 26, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Nov 26, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Nov 26, 2025
edited by openshift-ci bot
Loading

@2uasimojo: This pull request references HIVE-3007 which is a valid jira issue.

In response to this:

Honor global TLS configuration by discovering TLS minimum version and cipher suites from the APIServer cluster object and adding their respective arguments to the hiveadmission Deployment.

Assisted-By: The Claude (claude-sonnet-4-5@20250929)

Claude helped me figure out minimal implementations for the Listers and Recorder I needed to invoke library-go's
ObserveTLSSecurityProfileToArguments() function. (I feel like I shouldn't have had to create whole implementations to make this work. But maybe it's because this repo is using archaic mechanisms to interact with the KAS.)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 26, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Nov 26, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2025
@2uasimojo
Copy link
Member Author

2uasimojo commented Nov 26, 2025

This is currently in dependency hell.

  • library-go is too old for k8s/client-go
  • Can't upgrade library-go without bumping k8s to 34 and/or revendoring installer

We'll wait for #2796 and try again (library-go @release-4.20 to avoid k8s bump).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@2uasimojo @openshift-ci-robot