Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-generate test/config/tls/cert-secret.yaml #14324

Merged

Conversation

nak3
Copy link
Contributor

@nak3 nak3 commented Sep 1, 2023

Current tls e2e test always fails due to service_to_service_test.go:168: Failed to start endpoint of httpproxy: response: status: 502, body: x509: certificate has expired or is not yet valid: current time 2023-08-31T13:27:40Z is after 2023-08-31T09:13:11Z for example #14323

This is caused by expired certificate in test/config/tls/cert-secret.yaml:

        Validity
            Not Before: Aug 31 09:13:11 2022 GMT
            Not After : Aug 31 09:13:11 2023 GMT
        Subject: O = Knative Community, CN = example.com

Hence, this patch re-generates the secret by:

$ cd test/config/tls/
$ ./generate.sh

Also, it expands the expired date to 10 years.

Release Note

NONE

@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 1, 2023
@knative-prow knative-prow bot added the area/test-and-release It flags unit/e2e/conformance/perf test issues for product features label Sep 1, 2023
@codecov
Copy link

codecov bot commented Sep 1, 2023

Codecov Report

Patch coverage has no change and project coverage change: +0.02% 🎉

Comparison is base (8dbb2d3) 86.04% compared to head (5d0b6b0) 86.06%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14324      +/-   ##
==========================================
+ Coverage   86.04%   86.06%   +0.02%     
==========================================
  Files         196      196              
  Lines       14781    14781              
==========================================
+ Hits        12718    12721       +3     
+ Misses       1754     1753       -1     
+ Partials      309      307       -2     

see 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Member

@ReToCode ReToCode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@knative-prow knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Sep 1, 2023
@knative-prow
Copy link

knative-prow bot commented Sep 1, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3, ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot merged commit 005838b into knative:main Sep 1, 2023
59 checks passed
nak3 added a commit to nak3/serving that referenced this pull request Sep 4, 2023
openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023
openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023
openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 5, 2023
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
nak3 added a commit to nak3/serving that referenced this pull request Oct 12, 2023
nak3 added a commit to nak3/serving that referenced this pull request Oct 12, 2023
knative-prow bot pushed a commit that referenced this pull request Oct 12, 2023
* [release-1.11] bump x/net to v1.17

* Re-generate test/config/tls/cert-secret.yaml (#14324)

* Run hack/update-codegen.sh --upgrade --release 1.11
knative-prow bot pushed a commit that referenced this pull request Oct 12, 2023
* [release-1.10] bump x/net to v0.17

* Re-generate test/config/tls/cert-secret.yaml (#14324)

* Run hack/upgrade
openshift-ci bot pushed a commit to openshift-knative/serving that referenced this pull request Oct 12, 2023
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963)

quay.io only supports 1.2

Co-authored-by: dprotaso <dprotaso@gmail.com>

* drop safe to evict annotations (knative#14051)

this prevents nodes from draining

Co-authored-by: dprotaso <dprotaso@gmail.com>

* [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052)

* RandomChoice 2 policy wasn't random when the number of targets is 2

* fix linting

---------

Co-authored-by: dprotaso <dprotaso@gmail.com>

* [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

* fix perms

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Dave Protasowski <dprotaso@gmail.com>

* Leave a comment which will trigger a new dot release (knative#14501)

* [release-1.10] bump x/net to v0.17 (knative#14517)

* [release-1.10] bump x/net to v0.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/upgrade

* Update secure-pod-defaults patch

* Use a static value for S-O branch

---------

Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com>
Co-authored-by: dprotaso <dprotaso@gmail.com>
Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
openshift-ci bot pushed a commit to openshift-knative/serving that referenced this pull request Oct 16, 2023
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>

* Leave a comment which will trigger a new dot release (knative#14500)

* [release-1.11] bump x/net to v0.17 (knative#14516)

* [release-1.11] bump x/net to v1.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/update-codegen.sh --upgrade --release 1.11

* Update secure-pod-defaults patch

---------

Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team>
Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
openshift-ci bot pushed a commit to openshift-knative/serving that referenced this pull request Oct 20, 2023
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>

* Leave a comment which will trigger a new dot release (knative#14500)

* [release-1.11] bump x/net to v0.17 (knative#14516)

* [release-1.11] bump x/net to v1.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/update-codegen.sh --upgrade --release 1.11

* Bound buffer for reading stats (knative#14542)

Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

---------

Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team>
Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
openshift-ci bot pushed a commit to openshift-knative/serving that referenced this pull request Oct 20, 2023
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963)

quay.io only supports 1.2

Co-authored-by: dprotaso <dprotaso@gmail.com>

* drop safe to evict annotations (knative#14051)

this prevents nodes from draining

Co-authored-by: dprotaso <dprotaso@gmail.com>

* [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052)

* RandomChoice 2 policy wasn't random when the number of targets is 2

* fix linting

---------

Co-authored-by: dprotaso <dprotaso@gmail.com>

* [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

* fix perms

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Dave Protasowski <dprotaso@gmail.com>

* Leave a comment which will trigger a new dot release (knative#14501)

* [release-1.10] bump x/net to v0.17 (knative#14517)

* [release-1.10] bump x/net to v0.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/upgrade

* Bound buffer for reading stats (knative#14541)

Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

---------

Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com>
Co-authored-by: dprotaso <dprotaso@gmail.com>
Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
mgencur pushed a commit to mgencur/serving-1 that referenced this pull request Nov 16, 2023
…#439)

Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
openshift-merge-bot bot pushed a commit to openshift-knative/serving that referenced this pull request Jan 8, 2024
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378)

* add seccompProfile to queue container security context

* run as non root by default

* update tests to expect new default run as nonroot

---------

Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>

* Leave a comment which will trigger a new dot release (knative#14500)

* [release-1.11] bump x/net to v0.17 (knative#14516)

* [release-1.11] bump x/net to v1.17

* Re-generate test/config/tls/cert-secret.yaml (knative#14324)

* Run hack/update-codegen.sh --upgrade --release 1.11

* Bound buffer for reading stats (knative#14542)

Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

* upgrade to latest dependencies (knative#14552)

bumping knative.dev/pkg bd99f2f...56bfe0d:
  > 56bfe0d [release-1.11] [CVE-2023-44487] Disable http2 for webhooks (# 2875)
bumping knative.dev/caching 24ff723...ee89f75:
  > ee89f75 upgrade to latest dependencies (# 797)

Signed-off-by: Knative Automation <automation@knative.team>

* Upgrade grpc for addressing GHSA-m425-mq94-257g (knative#14579)

More info at GHSA-m425-mq94-257g

* remove duplicate 'additionalPrinterColumns' (knative#14654)

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Co-authored-by: Kenny Leung <kleung@chainguard.dev>

* [release-1.11] Bump to fix knative#14732 (knative#14734)

* Bump to fix knative#14732

* Bump to fix serving/knative#14732

* Sync with upstream release-1.11

---------

Signed-off-by: Knative Automation <automation@knative.team>
Signed-off-by: Kenny Leung <kleung@chainguard.dev>
Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team>
Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
Co-authored-by: Knative Automation <automation@knative.team>
Co-authored-by: Juan Sanin <jsanin@vmware.com>
Co-authored-by: Kenny Leung <kleung@chainguard.dev>
Co-authored-by: Dave Protasowski <dprotaso@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/test-and-release It flags unit/e2e/conformance/perf test issues for product features lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants