-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Re-generate test/config/tls/cert-secret.yaml #14324
Re-generate test/config/tls/cert-secret.yaml #14324
Conversation
Codecov ReportPatch coverage has no change and project coverage change:
Additional details and impacted files@@ Coverage Diff @@
## main #14324 +/- ##
==========================================
+ Coverage 86.04% 86.06% +0.02%
==========================================
Files 196 196
Lines 14781 14781
==========================================
+ Hits 12718 12721 +3
+ Misses 1754 1753 -1
+ Partials 309 307 -2 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nak3, ReToCode The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/update-codegen.sh --upgrade --release 1.11
* [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/upgrade
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <dprotaso@gmail.com> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Dave Protasowski <dprotaso@gmail.com> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Update secure-pod-defaults patch * Use a static value for S-O branch --------- Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com> Co-authored-by: dprotaso <dprotaso@gmail.com> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Update secure-pod-defaults patch --------- Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> --------- Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <dprotaso@gmail.com> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Dave Protasowski <dprotaso@gmail.com> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Bound buffer for reading stats (knative#14541) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> --------- Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com> Co-authored-by: dprotaso <dprotaso@gmail.com> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>
…#439) Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> * upgrade to latest dependencies (knative#14552) bumping knative.dev/pkg bd99f2f...56bfe0d: > 56bfe0d [release-1.11] [CVE-2023-44487] Disable http2 for webhooks (# 2875) bumping knative.dev/caching 24ff723...ee89f75: > ee89f75 upgrade to latest dependencies (# 797) Signed-off-by: Knative Automation <automation@knative.team> * Upgrade grpc for addressing GHSA-m425-mq94-257g (knative#14579) More info at GHSA-m425-mq94-257g * remove duplicate 'additionalPrinterColumns' (knative#14654) Signed-off-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Kenny Leung <kleung@chainguard.dev> * [release-1.11] Bump to fix knative#14732 (knative#14734) * Bump to fix knative#14732 * Bump to fix serving/knative#14732 * Sync with upstream release-1.11 --------- Signed-off-by: Knative Automation <automation@knative.team> Signed-off-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> Co-authored-by: Knative Automation <automation@knative.team> Co-authored-by: Juan Sanin <jsanin@vmware.com> Co-authored-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Dave Protasowski <dprotaso@gmail.com>
Current tls e2e test always fails due to
service_to_service_test.go:168: Failed to start endpoint of httpproxy: response: status: 502, body: x509: certificate has expired or is not yet valid: current time 2023-08-31T13:27:40Z is after 2023-08-31T09:13:11Z
for example #14323This is caused by expired certificate in test/config/tls/cert-secret.yaml:
Hence, this patch re-generates the secret by:
Also, it expands the expired date to 10 years.
Release Note