Skip to content
This repository has been archived by the owner on Apr 30, 2024. It is now read-only.

Add a new issuer configuration to net-certmanager for system-internal-tls certificates #627

Merged
merged 3 commits into from
Dec 6, 2023
Merged

Add a new issuer configuration to net-certmanager for system-internal-tls certificates #627

merged 3 commits into from
Dec 6, 2023

Conversation

ReToCode
Copy link
Member

@ReToCode ReToCode commented Nov 13, 2023
edited
Loading

Changes

/hold needs knative/networking#891 to be merged first
/hold wait for results of discussion in next Serving WG

/kind enhancement

Fixes knative/serving#14625

Release Note

net-certmanager now allows to sign certificates for the `system-internal-tls` feature

Docs
Will be added once the feature is completed end to end.

@knative-prow knative-prow bot added kind/enhancement do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Nov 13, 2023
@knative-prow Knative Prow
Copy link

knative-prow bot commented Nov 13, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 13, 2023
@ReToCode
Copy link
Member Author

PTAL, I'll rebase and remove the go mod replace once the networking PR is merged.

/assign @nak3
/assign @skonto

@codecov Codecov
Copy link

codecov bot commented Nov 13, 2023
edited
Loading

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (ad31c6f) 89.68% compared to head (73d6a11) 87.93%.
Report is 4 commits behind head on main.

Files Patch % Lines
.../certificate/resources/cert_manager_certificate.go 73.33% 8 Missing ⚠️
pkg/reconciler/certificate/config/cert_manager.go 55.55% 2 Missing and 2 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #627      +/-   ##
==========================================
- Coverage   89.68%   87.93%   -1.76%     
==========================================
  Files           5        5              
  Lines         378      406      +28     
==========================================
+ Hits          339      357      +18     
- Misses         27       36       +9     
- Partials       12       13       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ReToCode ReToCode changed the title Encryption certmanager only Add a new issuer configuration to net-certmanager for system-internal-tls certificates Nov 13, 2023
nak3
nak3 reviewed Nov 14, 2023
View reviewed changes
Copy link
Contributor

@nak3 nak3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM overall but we should add a conformance test in https://github.com/knative/networking/tree/main/test/conformance/certificate/nonhttp01 ?

pkg/reconciler/certificate/resources/cert_manager_certificate.go Outdated Show resolved Hide resolved
@knative-prow-robot knative-prow-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 15, 2023
@knative-prow-robot knative-prow-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 24, 2023
@ReToCode
Copy link
Member Author

/unhold

Networking PR is merged: knative/networking#891, conformance tests is tracked in knative/serving#13855. So this is ready to be reviewed again @dprotaso @nak3 @skonto

@knative-prow knative-prow bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 24, 2023
@ReToCode ReToCode mentioned this pull request Nov 30, 2023
Merged
skonto
skonto reviewed Dec 6, 2023
View reviewed changes
config/config.yaml Outdated Show resolved Hide resolved
@skonto skonto mentioned this pull request Dec 6, 2023
Closed
@skonto
Copy link
Contributor

skonto commented Dec 6, 2023
edited
Loading

Tests pass at the Serving side besides the long standing issue with the http_serving tests flakiness.
/lgtm

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Dec 6, 2023
@knative-prow knative-prow bot merged commit 7d37fec into knative-extensions:main Dec 6, 2023
22 checks passed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@skonto skonto skonto left review comments

@nak3 nak3 nak3 left review comments

@KauzClay KauzClay Awaiting requested review from KauzClay

@krsna-m krsna-m Awaiting requested review from krsna-m

Assignees

@nak3 nak3

@skonto skonto

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/enhancement lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add the ability to generate certificates for system-internal-tls in net-certmanager
4 participants
@ReToCode @skonto @nak3 @knative-prow-robot