Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ca-cert rotation integration test, and fix ca-cert rotation #11013

Merged
merged 2 commits into from
Oct 9, 2024
Merged

Add ca-cert rotation integration test, and fix ca-cert rotation #11013

merged 2 commits into from
Oct 9, 2024

Conversation

brandond
Copy link
Member

@brandond brandond commented Oct 8, 2024
edited
Loading

Proposed Changes

Add ca-cert rotation integration test, and fix ca-cert rotation

Types of Changes

bugfix, testing

Verification

See linked issue

Testing

Rotate self-signed or custom CA certs and restart K3s. You should see the following message in the log before restarting, and K3s should restart successfully.

Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="Using current data for PasswdFile: /var/lib/rancher/k3s/server/cred/passwd"
Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="Using current data for IPSECKey: /var/lib/rancher/k3s/server/cred/ipsec.psk"
Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="Using current data for EncryptionConfig: "
Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="Using current data for EncryptionHash: "
Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="Saving cluster bootstrap data to datastore"
Oct 08 22:49:11 systemd-node-1 k3s[539]: time="2024-10-08T22:49:11Z" level=info msg="certificate: Cluster Certificate Authority data has been updated, k3s must be restarted."

Linked Issues

User-Facing Change

Further Comments

@brandond brandond requested a review from a team as a code owner October 8, 2024 21:22
ShylajaDevadiga
ShylajaDevadiga previously approved these changes Oct 8, 2024
View reviewed changes
@brandond brandond marked this pull request as draft October 8, 2024 22:00
@brandond
Add ca-cert rotation integration test
87d72d5 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond
Fix issue that caused passwd file and psk to be regenerated when rota…
eb330ee 
…ting CA certs

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
@brandond brandond marked this pull request as ready for review October 8, 2024 22:36
@brandond brandond requested a review from a team October 8, 2024 22:36
@codecov Codecov
Copy link

codecov bot commented Oct 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 0% with 14 lines in your changes missing coverage. Please review.

Project coverage is 43.97%. Comparing base (e9c5295) to head (eb330ee).
Report is 2 commits behind head on master.

Files with missing lines Patch % Lines
pkg/server/cert.go 0.00% 14 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (e9c5295) and HEAD (eb330ee). Click for more details.

HEAD has 1 upload less than BASE
Flag BASE (e9c5295) HEAD (eb330ee)
e2etests 7 6
Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11013      +/-   ##
==========================================
- Coverage   49.82%   43.97%   -5.86%     
==========================================
  Files         178      178              
  Lines       14814    14816       +2     
==========================================
- Hits         7381     6515     -866     
- Misses       6086     7097    +1011     
+ Partials     1347     1204     -143
Flag Coverage Δ
e2etests 36.21% <0.00%> (-9.83%) ⬇️
inttests 36.78% <0.00%> (+0.12%) ⬆️
unittests 13.52% <0.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@brandond brandond merged commit c6392c9 into k3s-io:master Oct 9, 2024
30 checks passed
This was referenced Oct 9, 2024
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dereknola dereknola dereknola approved these changes

@briandowns briandowns briandowns approved these changes

@ShylajaDevadiga ShylajaDevadiga ShylajaDevadiga left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@brandond @briandowns @dereknola @ShylajaDevadiga