Allow TLS flags to be disabled

[rubenvp8510]

Fixes #1438

Signed-off-by: Ruben Vargas [email protected]

[codecov]

Codecov Report

Merging #1440 (b447b2a) into master (9808586) will increase coverage by 0.00%.
The diff coverage is 100.00%.

❗ Current head b447b2a differs from pull request most recent head 20dfd0a. Consider uploading reports for the commit 20dfd0a to get more accurate results

@@           Coverage Diff           @@
##           master    #1440   +/-   ##
=======================================
  Coverage   87.70%   87.70%           
=======================================
  Files          93       93           
  Lines        5838     5839    +1     
=======================================
+ Hits         5120     5121    +1     
  Misses        552      552           
  Partials      166      166           

Impacted Files	Coverage Δ
pkg/deployment/agent.go	100.00% <100.00%> (ø)
pkg/deployment/all_in_one.go	100.00% <100.00%> (ø)
pkg/deployment/collector.go	100.00% <100.00%> (ø)
pkg/inject/sidecar.go	97.46% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9808586...20dfd0a. Read the comment docs.

[jpkrohling]

Could you please confirm that you ran a manual test like the following?

• On OpenShift, create a simple CR. This should enable TLS by default
• Change the CR to disable TLS
• Check that the CR (and underlying Jaeger config) look sane and without extra options like paths to the certs and keys.

[jpkrohling]

This doesn't feel right: if the option is set, then tls.Update will be skipped (and ca, and ca.AddServiceCA). Why did we have this as part of all reconciliation loops before? What happens when on the first reconciliation we did not have this parameter, causing the operator to add --reporter.grpc.tls.enabled=true, and the user then manually sets this to false?

[rubenvp8510]

Good point, I need to test this case,

I ran manually tests only for the first case, I'll check what happens in the case of an update to the CR. but it seems like you're right.

[jpkrohling]

Did you test this case?

[rubenvp8510]

I tested it with the last changes I did, it seems to work fine.

[rubenvp8510]

I did some changes to only touch the flags in case of the TLS certificates, still creating CA on the reconciliation, regarding of the flags.

[jpkrohling]

This looks good, but it's not still clear to me what happens when a collector is first provisioned with the TLS options, and then has the TLS options disabled. Did you test this case? Is it possible to simulate this with an e2e test?

[jpkrohling]

Did you test this case?

[jpkrohling]

@rubenvp8510 could you please rebase this?

[rubenvp8510]

This looks good, but it's not still clear to me what happens when a collector is first provisioned with the TLS options, and then has the TLS options disabled. Did you test this case? Is it possible to simulate this with an e2e test?

The TLS will be disabled, but all the volumes will be still there. I'll add an E2E test, may be we can do it in another PR?