feat: Add support for API served via HTTPS when preferService: true #772
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Noticed the issue #642, where a user complains that grafana-operator cannot manage grafana instance which exposes its API via https.
The reason for that is quite simple. -
(r *ReconcileGrafana) getGrafanaAdminUrl
always assumes that grafana instance serves HTTP whenpreferService: true
.Grafana itself supports
http
,https
,h2
, andsocket
(source). I think operator can only be guaranteed to work withhttp
andhttps
.h2
might be served via different protocols (HTTP / HTTPS), which makes its setup more complicated, so IMO it's better not support it at all.socket
is definitely not the way operator is set up to work.Relevant issues/tickets
Fixes: #642
Type of change
Checklist
Verification steps
$ openssl genrsa -out ca.key 2048 $ openssl req -x509 -new -nodes -days 365 -key ca.key -out ca.crt -subj "/CN=yourdomain.com" kubectl create secret tls my-tls-secret --key ca.key --cert ca.crt
For discussion
Please, let me know if you agree with the overall implementation. Once that is done, I can add some tests.