Integrate net-certmanager in Serving #15066
Conversation
knative-prow
bot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: skonto The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
knative-prow
bot
added
approved
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #15066 +/- ##
==========================================
+ Coverage 84.11% 84.71% +0.59%
==========================================
Files 213 220 +7
Lines 16783 13546 -3237
==========================================
- Hits 14117 11475 -2642
+ Misses 2315 1699 -616
- Partials 351 372 +21 ☔ View full report in Codecov by Sentry. |
skonto
force-pushed
the
integrate_netcertmanager
branch
from
4225455 to
d922b5b
Compare
|
reviewdog fails due to reviewdog/reviewdog#1696 |
| @@ -89,7 +89,7 @@ jobs: | |||
|
|
|||
| ingress: | |||
| - kourier | |||
| # - kourier-tls | |||
| - kourier-tls | |||
There was a problem hiding this comment.
Reverted it so I can test. Tests seem to pass here consistently.
knative-prow-robot
added
the
needs-rebase
skonto
force-pushed
the
integrate_netcertmanager
branch
from
5490ae1 to
b688951
Compare
knative-prow-robot
removed
the
needs-rebase
skonto
changed the title
knative-prow
bot
removed
the
do-not-merge/work-in-progress
skonto
changed the title
knative-prow-robot
added
the
needs-rebase
| @@ -53,5 +71,55 @@ func main() { | |||
| "reconciliation-timeout", reconciler.DefaultTimeout, | |||
| "The amount of time to give each reconciliation of a resource to complete before its context is canceled.") | |||
|
|
|||
| sharedmain.MainWithContext(signals.NewContext(), "controller", ctors...) | |||
There was a problem hiding this comment.
Can we have a second method in sharedmain where we pass a function to do:
if shouldEnableNetCertManagerController(ctx, client) {
injection.Default.RegisterInformer(challenge.WithInformer)
injection.Default.RegisterInformer(v1certificate.WithInformer)
injection.Default.RegisterInformer(certificaterequest.WithInformer)
injection.Default.RegisterInformer(clusterissuer.WithInformer)
injection.Default.RegisterInformer(issuer.WithInformer)
ctors = append(ctors, netcertmanager.NewController)
}
to avoid duplicating code here?
There was a problem hiding this comment.
Or we just iterate on an array of informers. Moving to sharedmain should be the next iteration imho.
| log.Fatalf("Failed to construct network config: %v", err) | ||
| } | ||
| return netCfg.ExternalDomainTLS || netCfg.SystemInternalTLSEnabled() || (netCfg.ClusterLocalDomainTLS == netcfg.EncryptionEnabled) || | ||
| netCfg.NamespaceWildcardCertSelector != nil |
There was a problem hiding this comment.
can netCfg.NamespaceWildcardCertSelector != nil be used without netCfg.ExternalDomainTLS == true?
| @@ -0,0 +1,68 @@ | |||
| # Copyright 2020 The Knative Authors | |||
There was a problem hiding this comment.
can we use a different file name? It is no longer net-xxx. Maybe just certmanager.yaml?
There was a problem hiding this comment.
I am open to that but I don't have a good name for it. certmanager.yaml implies that we are configuring certmanager itself but what we do is configuration of our component. So not sure, maybe pick another? 🤔
There was a problem hiding this comment.
I see. But the CM is named config-certmanager, so probably still would go with that. In the docs I said "the Knative cert-manager integration".
There was a problem hiding this comment.
Let's use certmanager.yaml as the name here - that's the convention we use for other config maps
pkg/netcertmanager/certificate.go
Outdated
| @@ -0,0 +1,272 @@ | |||
| /* | |||
There was a problem hiding this comment.
I assume all the files from net-certmanager were just copied over, right?
There was a problem hiding this comment.
Yes should I update the date in the heard or something else?
There was a problem hiding this comment.
No, just wanted to make sure, so people know not to really in-depth review them.
| @@ -21,6 +21,8 @@ metadata: | |||
| app.kubernetes.io/name: knative-serving | |||
There was a problem hiding this comment.
we now maybe can symlink the config file to the one in config - if our default values match.
skonto
force-pushed
the
integrate_netcertmanager
branch
from
06cbb7a to
740f03a
Compare
knative-prow-robot
removed
the
needs-rebase
|
Reviewdog PR was merged I will update our action stuff. |
|
sometimes re-running actions doesn't pull latest action changes (eg. when you use matrix values) let me try reopening the PR |
|
nope :/ |
|
I tried rerunning a single action, did not help either. @skonto mind pushing an empty commit? |
|
@knative/productivity-writers any idea what is going wrong here (see Code Style errors)? |
|
reviewdog is having issues grabbing the PR diff because it's so big. GitHub broke something :/ You can follow |
|
@skonto: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/lgtm /hold in case you want to wait for the reviewdog fix |
|
Talked to @skonto we'll merge this now and fix issues in a follow up. /hold cancel |
knative-prow
bot
removed
the
do-not-merge/hold
|
/override "style / Golang / Lint" |
|
@dprotaso: Overrode contexts on behalf of dprotaso: style / Golang / Boilerplate Check (go), style / Golang / Boilerplate Check (sh), style / Golang / Do Not Submit, style / Golang / Lint, style / suggester / github_actions, style / suggester / shell, style / suggester / yaml In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
* integrate net-certmanager in Serving * Revert "disable kourier-tls (knative#15053)" This reverts commit 8bda840. * fix imports * add netcert conformance tests * fix vendor * add vendor networking test files * some fixes + rebase * fixes * add crd check * sym link * fix vendor * move reconciler * fix style * empty * move to pkg/client (cherry picked from commit 6ccb82f)
* Integrate net-certmanager in Serving (knative#15066) * integrate net-certmanager in Serving * Revert "disable kourier-tls (knative#15053)" This reverts commit 8bda840. * fix imports * add netcert conformance tests * fix vendor * add vendor networking test files * some fixes + rebase * fixes * add crd check * sym link * fix vendor * move reconciler * fix style * empty * move to pkg/client (cherry picked from commit 6ccb82f) * Run `openshift/release/generate-release.sh release-v1.14` --------- Co-authored-by: Stavros Kontopoulos <st.kontopoulos@gmail.com>
Fixes #14740
Proposed Changes
Release Note