grpc tls fix

alyssacgoins · alyssacgoins · commit 59a8be5920e6 · 2026-01-29T10:56:40.000-05:00
Signed-off-by: alyssacgoins &lt;agoins@redhat.com&gt;
diff --git a/backend/Makefile b/backend/Makefile
@@ -6,17 +6,11 @@ TLS_ENABLED ?= "false"
 CERT_MANAGER_VERSION ?= v1.16.2
 
 # Container Build Params
-CONTAINER_ENGINE ?= $(shell \
-	if command -v docker >/dev/null 2>&1; then \
-		echo docker; \
-	elif command -v podman >/dev/null 2>&1; then \
-		echo podman; \
-	fi \
-)
+CONTAINER_ENGINE ?= podman
 
 # IMG_REGISTRY can be used to automatically prepend registry details. e.g. "quay.io/kubeflow/"
-IMG_REGISTRY ?=
-IMG_TAG_APISERVER         ?= apiserver
+IMG_REGISTRY ?=			quay.io/rh-ee-agoins/
+IMG_TAG_APISERVER         ?= apiserver:10
 IMG_TAG_PERSISTENCEAGENT  ?= persistence-agent
 IMG_TAG_CACHESERVER       ?= cache-server
 IMG_TAG_SCHEDULEDWORKFLOW ?= scheduledworkflow
diff --git a/backend/src/apiserver/main.go b/backend/src/apiserver/main.go
@@ -99,6 +99,7 @@ func initCerts() (*tls.Config, error) {
 		return nil, err
 	}
 	tlsCfg := &tls.Config{
+		ServerName:   common.GetMLPipelineServiceName() + "." + common.GetPodNamespace() + ".svc.cluster.local",
 		Certificates: []tls.Certificate{serverCert},
 	}
 	glog.Info("TLS cert key/pair loaded.")
diff --git a/backend/src/v2/config/env.go b/backend/src/v2/config/env.go
@@ -194,7 +194,7 @@ func getDefaultMinioSessionInfo() (objectstore.SessionInfo, error) {
 
 func GetMLPipelineServerConfig() *ServerConfig {
 	return &ServerConfig{
-		Address: common.GetMLPipelineServiceName() + "." + common.GetPodNamespace(),
+		Address: common.GetMLPipelineServiceName() + "." + common.GetPodNamespace() + ".svc.cluster.local",
 		Port:    mlPipelineGrpcServicePort,
 	}
 }
diff --git a/manifests/kustomize/env/cert-manager/base-tls-certs/kfp-api-cert.yaml b/manifests/kustomize/env/cert-manager/base-tls-certs/kfp-api-cert.yaml
@@ -8,12 +8,14 @@ spec:
   dnsNames:
     - ml-pipeline
     - ml-pipeline.kubeflow
+    - ml-pipeline.kubeflow.svc.cluster.local
     - ml-pipeline-scheduledworkflow
     - metadata-envoy
     - metadata-envoy-service
     - metadata-grpc-service
     - metadata-grpc-service.kubeflow
     - metadata-grpc-service.$(kfp-namespace).svc.cluster.local
+    # localhost included here because cert is used in KFP pod-to-pod TLS-enabled testing against localhost base URL.
     - localhost
   ipAddresses:
     # Necessary for running TLS-enabled cluster locally.

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ func initCerts() (*tls.Config, error) {`
`99`	`99`	`return nil, err`
`100`	`100`	`}`
`101`	`101`	`tlsCfg := &tls.Config{`
	`102`	`+ ServerName: common.GetMLPipelineServiceName() + "." + common.GetPodNamespace() + ".svc.cluster.local",`
`102`	`103`	`Certificates: []tls.Certificate{serverCert},`
`103`	`104`	`}`
`104`	`105`	`glog.Info("TLS cert key/pair loaded.")`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ func getDefaultMinioSessionInfo() (objectstore.SessionInfo, error) {`
`194`	`194`
`195`	`195`	`func GetMLPipelineServerConfig() *ServerConfig {`
`196`	`196`	`return &ServerConfig{`
`197`		`- Address: common.GetMLPipelineServiceName() + "." + common.GetPodNamespace(),`
	`197`	`+ Address: common.GetMLPipelineServiceName() + "." + common.GetPodNamespace() + ".svc.cluster.local",`
`198`	`198`	`Port: mlPipelineGrpcServicePort,`
`199`	`199`	`}`
`200`	`200`	`}`