Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remoteva: Config options to handle alternate deployment models #7473

Merged
merged 6 commits into from
May 13, 2024
Merged

remoteva: Config options to handle alternate deployment models #7473

merged 6 commits into from
May 13, 2024

Conversation

pgporada
Copy link
Member

@pgporada pgporada commented May 6, 2024
edited
Loading

  • Adds a VerifyGRPCClientCertIfGiven boolean to the remoteva config that cause the RVA server to use the less strict tls.VerifyClientCertIfGiven for use with an Amazon Web Services Application Load Balancer (ALB) between the boulder-va and remoteva. See Support using an ALB between VA and RVA #7386.

Part of #5294

@pgporada pgporada changed the base branch from main to 5294-split-va-and-rva May 6, 2024 17:58
Base automatically changed from 5294-split-va-and-rva to main May 6, 2024 20:29
@pgporada pgporada changed the title remoteva: Separate TLS client and server configs va: Separate TLS client and server configs May 7, 2024
@pgporada pgporada changed the title va: Separate TLS client and server configs va/remoteva: Config options to handle alternate deployment models May 10, 2024
@pgporada pgporada force-pushed the separate-tls-client-and-server branch from bd2b4e2 to deb62c1 Compare May 10, 2024 17:13
@pgporada pgporada marked this pull request as ready for review May 10, 2024 17:14
@pgporada pgporada requested a review from a team as a code owner May 10, 2024 17:14
@github-actions GitHub Actions
Copy link
Contributor

@pgporada, this PR appears to contain configuration and/or SQL schema changes. Please ensure that a corresponding deployment ticket has been filed with the new values.

@pgporada
Copy link
Member Author

Related SRE tickets:
IN-10231
IN-10291

beautifulentropy
beautifulentropy requested changes May 13, 2024
View reviewed changes
Copy link
Member

@beautifulentropy beautifulentropy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change LGTM, I just have some questions and docs nits.

docs/multi-va.md Outdated Show resolved Hide resolved
cmd/remoteva/main.go Outdated Show resolved Hide resolved
cmd/remoteva/main.go Outdated Show resolved Hide resolved
@beautifulentropy beautifulentropy self-requested a review May 13, 2024 16:19
aarongable
aarongable reviewed May 13, 2024
View reviewed changes
cmd/remoteva/main.go Outdated Show resolved Hide resolved
cmd/boulder-va/main.go Outdated Show resolved Hide resolved
cmd/remoteva/main.go Outdated Show resolved Hide resolved
@pgporada pgporada changed the title va/remoteva: Config options to handle alternate deployment models remoteva: Config options to handle alternate deployment models May 13, 2024
@pgporada pgporada merged commit 44c0587 into main May 13, 2024
14 checks passed
@pgporada pgporada deleted the separate-tls-client-and-server branch May 13, 2024 18:43
@aarongable aarongable mentioned this pull request May 14, 2024
Closed
2 tasks
vbaranovskiy-plesk pushed a commit to plesk/boulder that referenced this pull request May 30, 2024
@pgporada @beautifulentropy
remoteva: Config options to handle alternate deployment models (letse…
83b7c4f 
…ncrypt#7473)

* Adds a `VerifyGRPCClientCertIfGiven` boolean to the `remoteva` config
that cause the RVA server to use the less strict
`tls.VerifyClientCertIfGiven` for use with an Amazon Web Services
Application Load Balancer (ALB) between the `boulder-va` and `remoteva`.
See letsencrypt#7386.

Part of letsencrypt#5294

---------

Co-authored-by: Samantha <[email protected]>
AlinaADmi pushed a commit to plesk/boulder that referenced this pull request Jul 29, 2024
@pgporada @beautifulentropy
remoteva: Config options to handle alternate deployment models (letse…
f312b74 
…ncrypt#7473)

* Adds a `VerifyGRPCClientCertIfGiven` boolean to the `remoteva` config
that cause the RVA server to use the less strict
`tls.VerifyClientCertIfGiven` for use with an Amazon Web Services
Application Load Balancer (ALB) between the `boulder-va` and `remoteva`.
See letsencrypt#7386.

Part of letsencrypt#5294

---------

Co-authored-by: Samantha <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aarongable aarongable aarongable approved these changes

@beautifulentropy beautifulentropy beautifulentropy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pgporada @aarongable @beautifulentropy