
API-1789: tls artifacts: list ondisk locations alongside secret/configmaps #29090

Open
wants to merge 1 commit into
base: master

vrutkovs
Member

TLS artifact reports prefer in-cluster locations, so that they can be assigned metadata via annotations. This change prints other ondisk locations so that secret/configmap could be linked to the file on disk

@vrutkovs vrutkovs changed the title tls artifacts: list ondisk locations alongside secret/configmaps API-1789: tls artifacts: list ondisk locations alongside secret/configmaps Sep 11, 2024
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 11, 2024

openshift-ci-robot commented Sep 11, 2024

@vrutkovs: This pull request references API-1789 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.18.0" version, but no target version was set.

In response to this:

TLS artifact reports prefer in-cluster locations, so that they can be assigned metadata via annotations. This change prints other ondisk locations so that secret/configmap could be linked to the file on disk

Contributor

@sanchezl sanchezl left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 16, 2024
Comment on lines 1959 to 1964
Other locations:

* file /etc/docker/certs.d/image-registry.openshift-image-registry.svc.cluster.local:5000/ca.crt
* file /etc/docker/certs.d/image-registry.openshift-image-registry.svc:5000/ca.crt


Contributor

I bet we'll end up finding disputes of "who actually owns this ca bundle" because while the content matches, the actual owner seems more likely to be the image registry. This is likely a common problem and suggests that even though the content is the same, the thing we're actually providing ownership for is the file itself.

@vrutkovs
Member Author

/hold

Alongside "this matches the content" we should also match by purpose - i.e. /etc/kubernetes/static-pod-resources/kube-apiserver-certs/configmaps/trusted-ca-bundle/ca-bundle.crt belongs to kube-apiserver and so on
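
The linking discussed in this thread, as an added example (not code from this PR): on-disk files are attached to an in-cluster location when their content hashes match, and files whose purpose-based owner differs are flagged, which is the ownership dispute raised above. The `Location` and `Link` types, the configmap name, the owners and the bundle bytes are hypothetical; the two file paths are the ones quoted in the review.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Location is one place a CA bundle was seen, with its presumed owner.
type Location struct{ Ref, Owner, Content string }

// Link is an in-cluster artifact plus the on-disk files carrying the same bytes.
type Link struct {
	InCluster      string
	OtherLocations []string // on-disk paths with identical content
	OwnerDisputes  []string // of those, paths whose presumed owner differs
}

// LinkByContent matches on-disk files to in-cluster locations by SHA-256.
func LinkByContent(cluster, disk []Location) []Link {
	byHash := map[[32]byte][]Location{}
	for _, f := range disk {
		sum := sha256.Sum256([]byte(f.Content))
		byHash[sum] = append(byHash[sum], f)
	}
	var links []Link
	for _, c := range cluster {
		link := Link{InCluster: c.Ref}
		for _, f := range byHash[sha256.Sum256([]byte(c.Content))] {
			link.OtherLocations = append(link.OtherLocations, f.Ref)
			if f.Owner != c.Owner { // same bytes, different owner by purpose
				link.OwnerDisputes = append(link.OwnerDisputes, f.Ref)
			}
		}
		links = append(links, link)
	}
	return links
}

// Constructed sample: configmap name, owners and bundle bytes are hypothetical.
const regDir = "/etc/docker/certs.d/image-registry.openshift-image-registry.svc"
var (
	sampleCluster = []Location{{"configmap example-ns/example-ca", "Example Operator", "constructed-bundle"}}
	sampleDisk    = []Location{
		{regDir + ".cluster.local:5000/ca.crt", "Image Registry", "constructed-bundle"},
		{regDir + ":5000/ca.crt", "Image Registry", "constructed-bundle"},
	}
)

func main() { fmt.Printf("%+v\n", LinkByContent(sampleCluster, sampleDisk)) }
```
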

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2024
TLS artifact reports prefer in-cluster locations, so that they can be
assigned metadata via annotations. This change prints other ondisk
locations so that secret/configmap could be linked to the file
on disk
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Sep 18, 2024

## Image Registry (2)
### Certificate Authority Bundles (2)
1. file /etc/docker/certs.d/image-registry.openshift-image-registry.svc.cluster.local:5000/ca.crt
Member Author

These files both have the same owner and the same content, so they are printed twice here. Not sure if it's worth fixing tbh

@vrutkovs
Member Author

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2024

openshift-ci bot commented Sep 18, 2024

@vrutkovs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-openstack-ovn | 0607865 | link | false | `/test e2e-openstack-ovn` |
| ci/prow/e2e-aws-ovn-single-node | 0607865 | link | false | `/test e2e-aws-ovn-single-node` |
| ci/prow/e2e-aws-ovn-ipsec-serial | 0607865 | link | false | `/test e2e-aws-ovn-ipsec-serial` |
| ci/prow/e2e-aws-ovn-single-node-upgrade | 0607865 | link | false | `/test e2e-aws-ovn-single-node-upgrade` |
| ci/prow/e2e-aws-ovn-single-node-serial | 0607865 | link | false | `/test e2e-aws-ovn-single-node-serial` |

@openshift-trt-bot

Job Failure Risk Analysis for sha: 0607865

Job Name Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node-upgrade High
[sig-arch] events should not repeat pathologically for ns/openshift-machine-config-operator
This test has passed 99.98% of 6311 runs on release 4.18 [Overall] in the last week.

Member

@dinhxuanvu dinhxuanvu left a comment

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 19, 2024

openshift-ci bot commented Sep 19, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dinhxuanvu, sanchezl, vrutkovs
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Kubernetes Code Review Process.
