agent: route templating server through cache #10927
Some comments in the tests. It also looks like the TestCacheConfig* tests could be combined into a table test if you wanted, since the only changing parameters are the listeners and the expected address.
Co-authored-by: Theron Voran <[email protected]>
Looks good, pending the change on removing client cert and keys around here that we discussed offline.
LGTM 👍
This PR enhances the Vault Agent Templating server to support using the local proxy cache. The templating server will automatically configure itself to use the cache if caching is enabled and a listener is present. If either of these requirements isn't satisfied, the templating server will use the `vault` configuration as it does today.

The only caveat to this change is we ignore TLS verification if the listener has TLS enabled. We do this because a CA would be required to verify the certificate but the proxy and templating server are spawned by the same Vault Agent process.
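
The selection rule described above, as an added Go example that is not part of this PR or of Vault's code base. The type names, the `TemplateTarget` function, the sample addresses and the choice of the first listener are assumptions made for illustration; the point to check is that TLS verification is relaxed only on the local cache path and never on the direct path to Vault.

```go
package main

import "fmt"

// Hypothetical stand-ins for the agent configuration; not Vault's real types.
type Listener struct {
	Address    string // host:port of the local proxy listener
	TLSEnabled bool
}

type AgentConfig struct {
	VaultAddress string // address from the vault configuration
	CacheEnabled bool
	Listeners    []Listener
}

// Target describes where the templating server connects.
type Target struct {
	Address       string
	ViaCache      bool
	SkipTLSVerify bool
}

// TemplateTarget routes through the local cache only when caching is enabled
// and a listener exists; otherwise it falls back to the vault configuration.
// TLS verification is relaxed only for the in-process listener.
func TemplateTarget(c AgentConfig) Target {
	if !c.CacheEnabled || len(c.Listeners) == 0 {
		return Target{Address: c.VaultAddress}
	}
	l := c.Listeners[0] // assumption: the first listener is the one used
	scheme := "http"
	if l.TLSEnabled {
		scheme = "https"
	}
	return Target{Address: scheme + "://" + l.Address, ViaCache: true, SkipTLSVerify: l.TLSEnabled}
}

func main() {
	// Constructed sample configurations.
	tls := []Listener{{Address: "127.0.0.1:8100", TLSEnabled: true}}
	for _, c := range []AgentConfig{
		{VaultAddress: "https://vault.example.com:8200", CacheEnabled: true, Listeners: tls},
		{VaultAddress: "https://vault.example.com:8200", CacheEnabled: false, Listeners: tls},
		{VaultAddress: "https://vault.example.com:8200", CacheEnabled: true},
	} {
		fmt.Printf("%+v\n", TemplateTarget(c))
	}
}
```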