Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR enables mutual TLS (mTLS) support for YTsaurus version 25.2.x in the e2e tests. Version 25.2.x supports mTLS but lacks the RPC proxy public address feature that was introduced in 25.3.0, requiring a workaround to include the interconnect FQDN in RPC proxy TLS certificates.
Changes:
- Extended mTLS support to version 25.2.0 (previously 25.3.0 only)
- Added workaround in
withRPCTLSProxyto include interconnect FQDN in certificates whenRPCProxyHavePublicAddressis false - Kept the
RPCProxyHavePublicAddressfeature flag enabled only for version 25.3.0 and later
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
koct9i
force-pushed
the
khlebnikov/try-mtls-in-25.2
branch
from
9235c80 to
e236262
Compare
export E2E_IMAGE_PULL_SECRET=${HOME}/.docker/config.json
Signed-off-by: Konstantin Khlebnikov <khlebnikov@nebius.com>
This version is missing RPC proxy public address and needs workaround. Signed-off-by: Konstantin Khlebnikov <khlebnikov@nebius.com>
koct9i
force-pushed
the
khlebnikov/try-mtls-in-25.2
branch
4 times, most recently
from
c2d033d to
45d1cb1
Compare
Signed-off-by: Konstantin Khlebnikov <khlebnikov@nebius.com>
Signed-off-by: Konstantin Khlebnikov <khlebnikov@nebius.com>
koct9i
force-pushed
the
khlebnikov/try-mtls-in-25.2
branch
from
45d1cb1 to
f4f8498
Compare
We don't actually have or check GPUs in tests. And only ytsaurus 25.1+ knowns about "gpu_agent", older versions cannot parse config. Signed-off-by: Konstantin Khlebnikov <khlebnikov@nebius.com>
koct9i
force-pushed
the
khlebnikov/try-mtls-in-25.2
branch
from
f4f8498 to
aac79e2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This version is missing RPC proxy public address and needs workaround.
Signed-off-by: Konstantin Khlebnikov khlebnikov@nebius.com