This repository has been archived by the owner on Dec 1, 2022. It is now read-only.

[release-v1.5] Support config to deploy internal certificates automatically #1236

Merged: 13 commits, Sep 9, 2022

@mgencur mgencur commented Sep 6, 2022

  • Add manifest patch for internal-tls to openshift/release/artifacts
  • Support config to deploy internal certificates automatically
  • Modify scripts in openshift/ to enable internal tls and tls for cluster-local gateway
  • Pull the new make target for running tls tests from "main" branch.
  • Tests for encryption with Kourier local gateway

nak3 and others added 8 commits September 6, 2022 11:54
…ase/artifacts` (knative#1202)

* Add secret to 1.5 CI yaml

* auto generated
…#13005)

* Add certificate reconciler for internal certs

* Fix cert path

* Temporary use local networking repo

* Support internal-encryption configuration

* Use const for cert name

* Fix lint

* rm blank line

* Drop unused variable

* Use one line style

* Use one line code

* Update net-kourier nightly

bumping knative.dev/net-kourier d758682...b9b1e8b:
  > b9b1e8b Use `internal-encryption` to deploy internal certificates automatically (# 855)
  > 427434c bump kind and k8s versions in kind-e2e tests (# 859)

Signed-off-by: Knative Automation <automation@knative.team>

* Verify SecretPKKey as well

* Do not drop activator always in the path

* Comment about ctrl-ca suffix

Co-authored-by: Knative Automation <automation@knative.team>
* Enable internal-tls on OCP 4.8

* Use tls to match JOB name
* Add a target to enable internal-tls in Makefile

* Update CI template for internal-tls enabled
* Generate Secrets

* Commit generated cert-secret.yaml

* httpproxy enables tls client

* httpproxy uses https when CA_CERT specified

* Pass CA_CERT and SERVER_NAME env variables properly to tests

* Avoid using cluster-local certificates for external services
* Need to create test resources including the test namespace first
before installing Knative so that applying
test/config/tls/cert-secret.yaml succeeds
@openshift-ci openshift-ci bot requested review from alanfx and mvinkler September 6, 2022 10:36
@openshift-ci openshift-ci bot added area/test-and-release Issues or PRs related to test and release approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 6, 2022

mgencur commented Sep 7, 2022

It works! Reverting the temporary commit for enabling tls by default.

mgencur commented Sep 7, 2022

Testing it again after openshift-knative/net-kourier#24 was merged.

mgencur commented Sep 8, 2022

The failures are unrelated to these changes. OCP 4.7 fails with https://issues.redhat.com/browse/SRVKS-946 (this can be seen in ingress operator pod).
Overall, I think this works. Reverting the temp commit.

nak3 commented Sep 9, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 9, 2022

openshift-ci bot commented Sep 9, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mgencur, nak3


@openshift-ci-robot

/retest-required

Remaining retests: 0 against base HEAD e5083cd and 2 for PR HEAD fe46bcf in total

openshift-ci bot commented Sep 9, 2022

@mgencur: all tests passed!


@openshift-merge-robot openshift-merge-robot merged commit aba172f into openshift:release-v1.5 Sep 9, 2022