Skip to content

feat(kiali): Standardize Certificate Authority Configuration Method #511

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
manusa merged 13 commits into from
Dec 1, 2025
Merged

feat(kiali): Standardize Certificate Authority Configuration Method #511

manusa merged 13 commits into from
Dec 1, 2025

Conversation

@josunect
Copy link
Contributor

@josunect josunect commented Nov 26, 2025

  • Use a CA file path in addition to the inline certificate.
  • Document the standardized pattern for future RH toolsets.

This PR keeps the inline option for back-comp, but I can remove it if it is not required.

How to manually test it:

echo | openssl s_client -showcerts -connect kiali-istio-system.apps-crc.testing:443 2>/dev/null | openssl x509 > /tmp/kiali.crt

Configuration (Using a kiali https route):

url = "https://kiali-istio-system.apps-crc.testing/"
certificate_authority = "/tmp/kiali.crt"
insecure = false

Run the MCP server:

make build
npx @modelcontextprotocol/inspector@latest $(pwd)/kubernetes-mcp-server

@Cali0707
Copy link
Collaborator

Cali0707 commented Nov 26, 2025

This PR keeps the inline option for back-comp, but I can remove it if it is not required.

@josunect I think it should be safe for you to remove this - we haven't cut a release with kiali toolset yet, so I don't think we need to maintain backwards compatability yet (cc @manusa )

@manusa manusa changed the title feat(kiali): Standardize Certificate Authority Configuration Method for Kiali mCP feat(kiali): Standardize Certificate Authority Configuration Method Nov 26, 2025
@manusa manusa self-requested a review November 26, 2025 16:26
manusa
manusa reviewed Nov 26, 2025
View reviewed changes
pkg/kiali/config_test.go Outdated
Comment on lines 79 to 93
// Create a config file with absolute path
configFile := filepath.Join(s.tempDir, "config.toml")
// Convert backslashes to forward slashes for TOML compatibility on Windows
caFileForTOML := filepath.ToSlash(s.caFile)
configContent := `
[toolset_configs.kiali]
url = "https://kiali.example/"
certificate_authority = "` + caFileForTOML + `"
`
err := os.WriteFile(configFile, []byte(configContent), 0644)
s.Require().NoError(err, "Failed to write config file")

// Read config - Read() automatically sets the config directory path
cfg, err := config.Read(configFile)
s.Require().NoError(err, "Failed to read config")
Copy link
Member

@manusa manusa Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't this be replaced with the logic we have in place for other tests e.g.

kubernetes-mcp-server/pkg/kiali/kiali_test.go

Lines 31 to 35 in 8d76426

s.Config = test.Must(config.ReadToml([]byte(`
[toolset_configs.kiali]
url = "https://kiali.example/"
insecure = true
`)))

Copy link
Contributor Author

@josunect josunect Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated!

@aljesusg
Copy link
Contributor

aljesusg commented Nov 27, 2025

This PR keeps the inline option for back-comp, but I can remove it if it is not required.

@josunect I think it should be safe for you to remove this - we haven't cut a release with kiali toolset yet, so I don't think we need to maintain backwards compatability yet (cc @manusa )

Yes please, The idea is to replace the inline CA by path

@josunect josunect requested a review from manusa November 27, 2025 10:21
@manusa
Copy link
Member

manusa commented Nov 27, 2025

@aljesusg @josunect I still se the support for inline PEM certificates.
I'm not sure if this is going to be removed in the scope of this PR or in a follow-up.

@aljesusg
Copy link
Contributor

aljesusg commented Nov 27, 2025

@aljesusg @josunect I still se the support for inline PEM certificates. I'm not sure if this is going to be removed in the scope of this PR or in a follow-up.

The idea is replace it, so yes we are going to remove it in this PR

aljesusg
aljesusg suggested changes Nov 28, 2025
View reviewed changes
Copy link
Contributor

@aljesusg aljesusg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Look good only this 2 minor things, I am going to test it locally

josunect and others added 13 commits November 28, 2025 15:29
@josunect
Get certificate by path as well
c3941cc 
Signed-off-by: josunect <[email protected]>
@josunect
Remove inline certs support
3d238c2 
Signed-off-by: josunect <[email protected]>
@josunect
Fix for windows
99d1185 
Signed-off-by: josunect <[email protected]>
@josunect
Update failing test
e5d5387 
Signed-off-by: josunect <[email protected]>
@josunect
Unify test usages
8d84afc 
Signed-off-by: josunect <[email protected]>
@josunect
Remove PEM from docs
5b6d6fc 
Signed-off-by: josunect <[email protected]>
@josunect
Missing doc
e76e3a1 
Signed-off-by: josunect <[email protected]>
@josunect
Remove PEM checks
af6a5d9 
Signed-off-by: josunect <[email protected]>
@josunect
Lint
3977490 
Signed-off-by: josunect <[email protected]>
@josunect
Update docs
e364f79 
Signed-off-by: josunect <[email protected]>
@josunect
Update test
74e927e 
Signed-off-by: josunect <[email protected]>
@josunect
Comments from review
3088765 
Signed-off-by: josunect <[email protected]>
@josunect @aljesusg
Update pkg/config/config.go
7f6ac03 
Co-authored-by: Alberto Gutierrez <[email protected]>
Signed-off-by: josunect <[email protected]>
@manusa manusa added this to the 0.1.0 milestone Dec 1, 2025
manusa
manusa approved these changes Dec 1, 2025
View reviewed changes
Copy link
Member

@manusa manusa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

@manusa manusa merged commit a86eccd into containers:main Dec 1, 2025
6 checks passed
@josunect josunect deleted the issue11473 branch December 1, 2025 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@manusa manusa manusa approved these changes

+1 more reviewer

@aljesusg aljesusg aljesusg requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

0.1.0

Development

Successfully merging this pull request may close these issues.

4 participants

@josunect @Cali0707 @aljesusg @manusa