OCPBUGS-78774: add TLS support for extractor-exporter communication #74

Closed
jmesnil wants to merge 2 commits into openshift:main from jmesnil:OCPBUGS-78774

jmesnil commented Mar 24, 2026

Enable TLS encryption on the TCP connection between the extractor server
(Rust) and the exporter client (Go) using rustls. The extractor loads a
certificate and key from configurable paths and the exporter verifies the
server certificate against a provided CA cert. Both components fall back
to plain TCP when TLS is not configured.

JIRA: https://redhat.atlassian.net/browse/OCPBUGS-78774

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
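
The exporter-side behaviour the description above names (verify the server certificate against a provided CA, plain TCP when TLS is not configured), as an added Go example that is not code from this pull request. The names `exporterTLSConfig`, `verifyServer`, `constructedCert` and the host `extractor.test` are assumptions, and treating an unusable CA bundle as an error instead of a fallback is this example's choice.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// exporterTLSConfig (hypothetical name) returns nil, meaning plain TCP, only when no CA is
// configured. A configured but unusable CA is an error, never a silent downgrade to plaintext.
func exporterTLSConfig(caPEM []byte, serverName string) (*tls.Config, error) {
	if len(caPEM) == 0 {
		return nil, nil
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, fmt.Errorf("CA bundle contains no usable certificate")
	}
	return &tls.Config{RootCAs: pool, ServerName: serverName, MinVersion: tls.VersionTLS12}, nil
}

// constructedCert builds a throwaway self-signed certificate for host (constructed sample data).
func constructedCert(host string) (*x509.Certificate, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// verifyServer runs the x509 chain and hostname check a TLS client applies with cfg's roots and name.
func verifyServer(cfg *tls.Config, server *x509.Certificate) error {
	_, err := server.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	server, caPEM := constructedCert("extractor.test")
	cfg, _ := exporterTLSConfig(caPEM, "extractor.test")
	fmt.Println("verify against configured CA:", verifyServer(cfg, server))
}
```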
openshift-ci-robot added the jira/valid-reference (Indicates that this PR references a valid Jira ticket of any type.) and jira/valid-bug (Indicates that a referenced Jira bug is valid for the branch this PR is targeting.) labels Mar 24, 2026
@openshift-ci-robot

@jmesnil: This pull request references Jira Issue OCPBUGS-78774, which is valid.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.22.0) matches configured target version for branch (4.22.0)
  • bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

The bug has been updated to refer to the pull request using the external bug tracker.

openshift-ci bot commented Mar 24, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jmesnil

openshift-ci bot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Mar 24, 2026

jmesnil commented Mar 24, 2026

/retest

openshift-ci bot commented Mar 24, 2026

@jmesnil: all tests passed!

openshift-ci bot commented Mar 26, 2026

@BaiyangZhou: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

openshift-ci bot commented Mar 26, 2026

@BaiyangZhou: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test e2e-aws
/test e2e-tests
/test images
/test okd-scos-images
/test rust-unit-tests
/test unit-tests

The following commands are available to trigger optional jobs:

/test okd-scos-e2e-aws-ovn

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-insights-runtime-extractor-main-e2e-aws
pull-ci-openshift-insights-runtime-extractor-main-e2e-tests
pull-ci-openshift-insights-runtime-extractor-main-images
pull-ci-openshift-insights-runtime-extractor-main-okd-scos-images
pull-ci-openshift-insights-runtime-extractor-main-rust-unit-tests
pull-ci-openshift-insights-runtime-extractor-main-unit-tests

In response to this:

/test default-tls

@BaiyangZhou

/payload default-tls

openshift-ci bot commented Mar 26, 2026

@BaiyangZhou: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

@BaiyangZhou

/payload pull-ci-openshift-insights-operator-master-tls-scanner

openshift-ci bot commented Mar 26, 2026

@BaiyangZhou: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

@BaiyangZhou

/payload-job pull-ci-openshift-insights-operator-master-tls-scanner

openshift-ci bot commented Mar 26, 2026

@BaiyangZhou: trigger 0 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

jmesnil commented Mar 30, 2026

superseded by #76

jmesnil closed this Mar 30, 2026
@openshift-ci-robot

@jmesnil: This pull request references Jira Issue OCPBUGS-78774. The bug has been updated to no longer refer to the pull request using the external bug tracker.
