Skip to content

feat(images): fetch TLS certificate from secret for upload endpoints#2235

Open
hardcoretime wants to merge 1 commit intomainfrom
feat/images/upload-tls-cert-retrieval
Open

feat(images): fetch TLS certificate from secret for upload endpoints#2235
hardcoretime wants to merge 1 commit intomainfrom
feat/images/upload-tls-cert-retrieval

Conversation

@hardcoretime
Copy link
Copy Markdown
Contributor

@hardcoretime hardcoretime commented Apr 17, 2026
edited
Loading

Description

Added TLS certificate retrieval from secrets for upload endpoints to fix TLS verification errors when using self-signed certificates.

Why do we need it, and what problem does it solve?

When the cluster uses a self-signed certificate for the ingress controller, the IsUploaderReady function fails with TLS verification error because it doesn't have access to the TLS secret containing the CA certificate. This prevents users from uploading images through the upload endpoint.

The fix retrieves the TLS secret from the cluster and passes it to the IsUploaderReady function, enabling proper TLS verification.

What is the expected result?

Upload endpoints work correctly with TLS verification, even when the ingress controller uses self-signed certificates. The implementation also supports legacy naming of TLS secrets for backward compatibility.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: api
type: feature
summary: "Fetch TLS certificate from secret for upload endpoints to enable TLS verification with self-signed certificates"

feat(images): fetch TLS certificate from secret for upload endpoints
a8a7bf5 
Signed-off-by: Roman Sysoev <roman.sysoev@flant.com>
@hardcoretime hardcoretime added this to the v1.8.0 milestone Apr 17, 2026
@hardcoretime hardcoretime marked this pull request as ready for review April 17, 2026 23:11
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Apr 17, 2026
@deckhouse-BOaTswain
Copy link
Copy Markdown
Contributor

deckhouse-BOaTswain commented Apr 17, 2026
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
@hardcoretime hardcoretime added the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
@deckhouse-BOaTswain
Copy link
Copy Markdown
Contributor

deckhouse-BOaTswain commented Apr 18, 2026
edited
Loading

Workflow has started.
Follow the progress here: Workflow Run

The target step completed with status: failure.

@deckhouse-BOaTswain deckhouse-BOaTswain removed the e2e/run Run e2e test on cluster of PR author label Apr 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@LopatinDmitr LopatinDmitr Awaiting requested review from LopatinDmitr

At least 1 approving review is required to merge this pull request.

Assignees

@hardcoretime hardcoretime

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@hardcoretime @deckhouse-BOaTswain