k8s: Remove require client authorization Admin API

In the centralized configuration e2e test the cluster health can not be retrieved if required client authorization is removed from Admin API. Nodes that are running with mTLS configuration does not respond to operator get health overview. If first out of N brokers is restarted and stops serving Admin API with mTLS configuration, then rpk adminAPI implementation sends http request to all in sequence get health overview. The problem is with http client and TLS configuration as one out of N doesn not need client certificate.
redpanda-data · Dec 1, 2022 · 2d775e6 · 2d775e6
1 parent c93d967
commit 2d775e6
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 9 deletions.
diff --git a/src/go/k8s/tests/e2e/centralized-configuration-tls/00-redpanda-cluster.yaml b/src/go/k8s/tests/e2e/centralized-configuration-tls/00-redpanda-cluster.yaml
@@ -22,7 +22,6 @@ spec:
     - port: 9644
       tls:
         enabled: true
-        requireClientAuth: true
     pandaproxyApi:
      - port: 8082
     developerMode: true
diff --git a/src/go/k8s/tests/e2e/centralized-configuration-tls/01-redpanda-cluster-change.yaml b/src/go/k8s/tests/e2e/centralized-configuration-tls/01-redpanda-cluster-change.yaml
@@ -22,9 +22,10 @@ spec:
     - port: 9644
       tls:
         enabled: true
-        requireClientAuth: true
     pandaproxyApi:
      - port: 8082
+       tls:
+         enabled: true
     developerMode: true
   additionalConfiguration:
     redpanda.segment_appender_flush_timeout_ms: "1003"
diff --git a/src/go/k8s/tests/e2e/centralized-configuration-tls/02-probe.yaml b/src/go/k8s/tests/e2e/centralized-configuration-tls/02-probe.yaml
@@ -8,10 +8,6 @@ spec:
     spec:
       activeDeadlineSeconds: 90
       volumes:
-        - name: tlsadmin
-          secret:
-            defaultMode: 420
-            secretName: centralized-configuration-tls-admin-api-client
         - name: tlsadminca
           secret:
             defaultMode: 420
@@ -31,14 +27,12 @@ spec:
           args:
             - >
               url=https://centralized-configuration-tls-0.centralized-configuration-tls.$NAMESPACE.svc.cluster.local:9644/v1/config
-              res=$(curl --cacert /etc/tls/certs/admin/ca/ca.crt --cert /etc/tls/certs/admin/tls.crt --key /etc/tls/certs/admin/tls.key --silent -L $url | grep -o '\"segment_appender_flush_timeout_ms\":[^,}]*' | grep -o '[^:]*$') &&
+              res=$(curl --cacert /etc/tls/certs/admin/ca/ca.crt --silent -L $url | grep -o '\"segment_appender_flush_timeout_ms\":[^,}]*' | grep -o '[^:]*$') &&
               echo $res > /dev/termination-log &&
               if [[ "$res" != "1003" ]]; then
                 exit 1;
               fi
           volumeMounts:
-            - mountPath: /etc/tls/certs/admin
-              name: tlsadmin
             - mountPath: /etc/tls/certs/admin/ca
               name: tlsadminca
       restartPolicy: Never