Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MCO-1457: Clean up MCS CA & TLS cert objects for management #9309

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

djoshy
Copy link

@djoshy djoshy commented Dec 11, 2024

This PR adds and fixes up a few templates related to the MCS CA/TLS, so that it matches the format expected by the cert controller being added to the MCO in openshift/machine-config-operator#4735. With these template changes in place, the cert controller of the MCO should no longer cause an immediate rotation when it comes up, preventing issues such as https://issues.redhat.com/browse/OCPBUGS-44832.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Dec 11, 2024
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Dec 11, 2024

@djoshy: This pull request references MCO-1457 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

This PR adds and fixes up a few templates related to the MCS CA/TLS, so that it matches the format expected by the cert controller being added to the MCO in openshift/machine-config-operator#4735. With these template changes in place, the cert controller of the MCO should no longer cause an immediate rotation when it comes up, preventing issues such as https://issues.redhat.com/browse/OCPBUGS-44832.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 11, 2024
Copy link
Contributor

openshift-ci bot commented Dec 11, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@djoshy
Copy link
Author

djoshy commented Dec 11, 2024

/test all

Copy link
Contributor

openshift-ci bot commented Dec 11, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign barbacbd for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@djoshy djoshy changed the title [WIP] MCO-1457: Clean up MCS CA & TLS cert objects for cert management [WIP] MCO-1457: Clean up MCS CA & TLS cert objects for management Dec 11, 2024
@djoshy
Copy link
Author

djoshy commented Dec 11, 2024

/test all

@djoshy djoshy marked this pull request as ready for review December 12, 2024 15:48
@openshift-ci openshift-ci bot requested review from andfasano and r4f4 December 12, 2024 15:49
@djoshy djoshy changed the title [WIP] MCO-1457: Clean up MCS CA & TLS cert objects for management MCO-1457: Clean up MCS CA & TLS cert objects for management Dec 12, 2024
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 12, 2024
@andfasano
Copy link
Contributor

/test ?

Copy link
Contributor

openshift-ci bot commented Dec 13, 2024

@andfasano: The following commands are available to trigger required jobs:

/test altinfra-images
/test aro-unit
/test artifacts-images
/test e2e-agent-compact-ipv4
/test e2e-aws-ovn
/test e2e-aws-ovn-edge-zones-manifest-validation
/test e2e-aws-ovn-upi
/test e2e-azure-ovn
/test e2e-azure-ovn-upi
/test e2e-gcp-ovn
/test e2e-gcp-ovn-upi
/test e2e-metal-ipi-ovn-ipv6
/test e2e-openstack-ovn
/test e2e-vsphere-ovn
/test e2e-vsphere-ovn-upi
/test gofmt
/test golint
/test govet
/test images
/test integration-tests
/test integration-tests-nodejoiner
/test openstack-manifests
/test shellcheck
/test terraform-images
/test terraform-verify-vendor
/test tf-lint
/test unit
/test verify-codegen
/test verify-vendor
/test yaml-lint

The following commands are available to trigger optional jobs:

/test altinfra-e2e-aws-custom-security-groups
/test altinfra-e2e-aws-ovn
/test altinfra-e2e-aws-ovn-fips
/test altinfra-e2e-aws-ovn-imdsv2
/test altinfra-e2e-aws-ovn-localzones
/test altinfra-e2e-aws-ovn-proxy
/test altinfra-e2e-aws-ovn-shared-vpc
/test altinfra-e2e-aws-ovn-shared-vpc-local-zones
/test altinfra-e2e-aws-ovn-shared-vpc-wavelength-zones
/test altinfra-e2e-aws-ovn-single-node
/test altinfra-e2e-aws-ovn-wavelengthzones
/test altinfra-e2e-azure-capi-ovn
/test altinfra-e2e-azure-ovn-shared-vpc
/test altinfra-e2e-gcp-capi-ovn
/test altinfra-e2e-gcp-ovn-byo-network-capi
/test altinfra-e2e-gcp-ovn-secureboot-capi
/test altinfra-e2e-gcp-ovn-xpn-capi
/test altinfra-e2e-ibmcloud-capi-ovn
/test altinfra-e2e-nutanix-capi-ovn
/test altinfra-e2e-openstack-capi-ccpmso
/test altinfra-e2e-openstack-capi-ccpmso-zone
/test altinfra-e2e-openstack-capi-dualstack
/test altinfra-e2e-openstack-capi-dualstack-upi
/test altinfra-e2e-openstack-capi-dualstack-v6primary
/test altinfra-e2e-openstack-capi-externallb
/test altinfra-e2e-openstack-capi-nfv-intel
/test altinfra-e2e-openstack-capi-ovn
/test altinfra-e2e-openstack-capi-proxy
/test altinfra-e2e-vsphere-capi-multi-vcenter-ovn
/test altinfra-e2e-vsphere-capi-ovn
/test altinfra-e2e-vsphere-capi-static-ovn
/test altinfra-e2e-vsphere-capi-zones
/test azure-ovn-marketplace-images
/test e2e-agent-4control-ipv4
/test e2e-agent-5control-ipv4
/test e2e-agent-compact-ipv4-appliance-diskimage
/test e2e-agent-compact-ipv4-none-platform
/test e2e-agent-compact-ipv6-minimaliso
/test e2e-agent-ha-dualstack
/test e2e-agent-sno-ipv4-pxe
/test e2e-agent-sno-ipv6
/test e2e-aws-default-config
/test e2e-aws-overlay-mtu-ovn-1200
/test e2e-aws-ovn-custom-iam-profile
/test e2e-aws-ovn-edge-zones
/test e2e-aws-ovn-fips
/test e2e-aws-ovn-heterogeneous
/test e2e-aws-ovn-imdsv2
/test e2e-aws-ovn-proxy
/test e2e-aws-ovn-public-ipv4-pool
/test e2e-aws-ovn-public-ipv4-pool-disabled
/test e2e-aws-ovn-public-subnets
/test e2e-aws-ovn-shared-vpc-custom-security-groups
/test e2e-aws-ovn-shared-vpc-edge-zones
/test e2e-aws-ovn-single-node
/test e2e-aws-ovn-techpreview
/test e2e-aws-ovn-upgrade
/test e2e-aws-ovn-workers-rhel8
/test e2e-aws-upi-proxy
/test e2e-azure-default-config
/test e2e-azure-ovn-resourcegroup
/test e2e-azure-ovn-shared-vpc
/test e2e-azure-ovn-techpreview
/test e2e-azurestack
/test e2e-azurestack-upi
/test e2e-crc
/test e2e-external-aws
/test e2e-external-aws-ccm
/test e2e-gcp-ovn-byo-vpc
/test e2e-gcp-ovn-heterogeneous
/test e2e-gcp-ovn-techpreview
/test e2e-gcp-ovn-xpn
/test e2e-gcp-secureboot
/test e2e-gcp-upgrade
/test e2e-gcp-upi-xpn
/test e2e-gcp-user-provisioned-dns
/test e2e-ibmcloud-ovn
/test e2e-metal-assisted
/test e2e-metal-ipi-ovn
/test e2e-metal-ipi-ovn-dualstack
/test e2e-metal-ipi-ovn-swapped-hosts
/test e2e-metal-ipi-ovn-virtualmedia
/test e2e-metal-single-node-live-iso
/test e2e-nutanix-ovn
/test e2e-openstack-ccpmso
/test e2e-openstack-ccpmso-zone
/test e2e-openstack-dualstack
/test e2e-openstack-dualstack-upi
/test e2e-openstack-externallb
/test e2e-openstack-nfv-intel
/test e2e-openstack-proxy
/test e2e-openstack-singlestackv6
/test e2e-powervs-capi-ovn
/test e2e-vsphere-multi-vcenter-ovn
/test e2e-vsphere-ovn-multi-network
/test e2e-vsphere-ovn-techpreview
/test e2e-vsphere-ovn-upi-zones
/test e2e-vsphere-ovn-zones
/test e2e-vsphere-ovn-zones-techpreview
/test e2e-vsphere-static-ovn
/test okd-scos-e2e-aws-ovn
/test okd-scos-images
/test tf-fmt

Use /test all to run the following jobs that were automatically triggered:

pull-ci-openshift-installer-master-altinfra-images
pull-ci-openshift-installer-master-aro-unit
pull-ci-openshift-installer-master-artifacts-images
pull-ci-openshift-installer-master-e2e-aws-ovn
pull-ci-openshift-installer-master-e2e-vsphere-multi-vcenter-ovn
pull-ci-openshift-installer-master-e2e-vsphere-ovn
pull-ci-openshift-installer-master-e2e-vsphere-ovn-techpreview
pull-ci-openshift-installer-master-e2e-vsphere-ovn-zones
pull-ci-openshift-installer-master-e2e-vsphere-ovn-zones-techpreview
pull-ci-openshift-installer-master-gofmt
pull-ci-openshift-installer-master-golint
pull-ci-openshift-installer-master-govet
pull-ci-openshift-installer-master-images
pull-ci-openshift-installer-master-okd-scos-e2e-aws-ovn
pull-ci-openshift-installer-master-shellcheck
pull-ci-openshift-installer-master-tf-fmt
pull-ci-openshift-installer-master-tf-lint
pull-ci-openshift-installer-master-unit
pull-ci-openshift-installer-master-verify-codegen
pull-ci-openshift-installer-master-verify-vendor
pull-ci-openshift-installer-master-yaml-lint

In response to this:

/test ?

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@andfasano
Copy link
Contributor

Testing the patch against the main agent jobs

/test e2e-agent-compact-ipv4
/test e2e-agent-ha-dualstack
/test e2e-agent-sno-ipv6

@djoshy
Copy link
Author

djoshy commented Dec 13, 2024

Testing with MCO's rotation work included:

/testwith openshift/installer/master/e2e-agent-compact-ipv4 #9309 openshift/machine-config-operator#4735

/testwith openshift/installer/master/e2e-agent-ha-dualstack #9309 openshift/machine-config-operator#4735

/testwith openshift/installer/master/e2e-agent-sno-ipv6 #9309 openshift/machine-config-operator#4735

@djoshy
Copy link
Author

djoshy commented Dec 18, 2024

/test all

Copy link
Contributor

openshift-ci bot commented Dec 18, 2024

@djoshy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-azure-ovn 7589564 link true /test e2e-azure-ovn
ci/prow/e2e-gcp-ovn-upi 7589564 link true /test e2e-gcp-ovn-upi
ci/prow/e2e-metal-ipi-ovn-ipv6 7589564 link true /test e2e-metal-ipi-ovn-ipv6
ci/prow/e2e-gcp-ovn 7589564 link true /test e2e-gcp-ovn
ci/prow/okd-scos-e2e-aws-ovn 7589564 link false /test okd-scos-e2e-aws-ovn
ci/prow/openstack-manifests 7589564 link true /test openstack-manifests
ci/prow/e2e-aws-ovn 7589564 link true /test e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants