OPRUN-3681: Add support for proxy trustedCAs #226

tmshort · 2025-01-16T20:21:50Z

Just map the list of trusted ca certs into the deployment

openshift-ci-robot · 2025-01-16T20:21:56Z

@tmshort: This pull request references Jira Issue OCPBUGS-47525, which is valid.

3 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target version (4.19.0) matches configured target version for branch (4.19.0)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @Xia-Zhao-rh

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Just map the list of trusted ca certs into the deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

tmshort · 2025-01-16T20:22:43Z

/payload-job periodic-ci-openshift-release-master-nightly-4.19-e2e-aws-ovn-proxy

openshift-ci · 2025-01-16T20:23:12Z

@tmshort: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command

periodic-ci-openshift-release-master-nightly-4.19-e2e-aws-ovn-proxy

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a4bc5ff0-d447-11ef-8868-89f923a136a0-0

Just map the list of trusted ca certs into the deployment Signed-off-by: Todd Short <todd.short@me.com>

openshift-ci-robot · 2025-01-17T19:25:48Z

@tmshort: This pull request references OPRUN-3681 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

Just map the list of trusted ca certs into the deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

tmshort · 2025-01-17T21:30:57Z

Updated to deal with both the trusted (proxy) CAs (for external access), and the service CA (for catalogd service access)

camilamacedo86 · 2025-01-17T21:57:06Z

openshift/kustomize/overlays/openshift/olmv1-ns/patches/manager_deployment_certs.yaml

+  value: {"name":"trusted-ca-bundle", "mountPath":"/var/trusted-cas/ca-bundle.crt", "subPath":"ca-bundle.crt" }
+- op: add
+  path: /spec/template/spec/containers/0/volumeMounts/-
+  value: {"name":"service-ca", "mountPath":"/var/trusted-cas/service-ca.crt", "subPath":"service-ca.crt" }


@tmshort

WDYT about we add like a comment on top of each

# Cert required for ....

To help us know in the future?

Anyway, it shows great to go

/lgtm
/approve

Xia-Zhao-rh · 2025-01-18T06:07:02Z

/label qe-approved

openshift-ci-robot · 2025-01-18T06:07:07Z

@tmshort: This pull request references OPRUN-3681 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set.

In response to this:

Just map the list of trusted ca certs into the deployment

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci · 2025-01-18T08:26:33Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, tmshort

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~DOWNSTREAM_OWNERS~~ [tmshort]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci · 2025-01-18T08:26:42Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86, tmshort

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~DOWNSTREAM_OWNERS~~ [tmshort]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Xia-Zhao-rh · 2025-01-20T00:59:28Z

/retest

openshift-ci · 2025-01-20T03:20:36Z

@tmshort: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

grokspawn · 2025-01-20T16:54:38Z

seeing the add'l payload test, this one looks good
/label acknowledge-critical-fixes-only

tmshort · 2025-01-20T17:02:10Z

/cherry-pick release-4.18

openshift-cherrypick-robot · 2025-01-20T17:02:52Z

@tmshort: #226 failed to apply on top of branch "release-4.18":

Applying: UPSTREAM: <carry>: Add support for proxy trustedCAs
error: mode change for openshift/manifests/18-service-openshift-operator-controller-operator-controller-service.yml, which is not in current HEAD
error: could not build fake ancestor
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 UPSTREAM: <carry>: Add support for proxy trustedCAs

In response to this:

/cherry-pick release-4.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-bot · 2025-01-20T19:10:41Z

[ART PR BUILD NOTIFIER]

Distgit: ose-olm-operator-controller
This PR has been included in build ose-olm-operator-controller-container-v4.19.0-202501201837.p0.g9cf0f88.assembly.stream.el9.
All builds following this will include this PR.

openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Jan 16, 2025

openshift-ci bot requested a review from Xia-Zhao-rh January 16, 2025 20:22

openshift-ci bot requested review from grokspawn and joelanford January 16, 2025 20:25

openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 16, 2025

tmshort force-pushed the add-trusted-ca branch 2 times, most recently from 08cb94e to 35301e0 Compare January 16, 2025 22:16

UPSTREAM: <carry>: Add support for proxy trustedCAs

6911329

Just map the list of trusted ca certs into the deployment Signed-off-by: Todd Short <todd.short@me.com>

tmshort force-pushed the add-trusted-ca branch from 35301e0 to 6911329 Compare January 17, 2025 17:16

tmshort changed the title ~~OCPBUGS-47525: Add support for proxy trustedCAs~~ OPRUN-3681: Add support for proxy trustedCAs Jan 17, 2025

openshift-ci-robot removed the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Jan 17, 2025

camilamacedo86 reviewed Jan 17, 2025

View reviewed changes

openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label Jan 18, 2025

camilamacedo86 approved these changes Jan 18, 2025

View reviewed changes

openshift-ci bot assigned camilamacedo86 Jan 18, 2025

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 18, 2025

openshift-ci bot added the acknowledge-critical-fixes-only Indicates if the issuer of the label is OK with the policy. label Jan 20, 2025

openshift-merge-bot bot merged commit 9cf0f88 into openshift:main Jan 20, 2025
9 checks passed

tmshort deleted the add-trusted-ca branch January 20, 2025 17:00

tmshort mentioned this pull request Jan 20, 2025

NO-ISSUE: Manual Synchronize from upstream #224

Merged

openshift-ci-robot mentioned this pull request Jan 21, 2025

OCPBUGS-48640: Add service-ca into catalogd trusted certs openshift/operator-framework-catalogd#114

Merged

OPRUN-3681: Add support for proxy trustedCAs #226

OPRUN-3681: Add support for proxy trustedCAs #226

Uh oh!

Conversation

tmshort commented Jan 16, 2025

Uh oh!

openshift-ci-robot commented Jan 16, 2025

Uh oh!

tmshort commented Jan 16, 2025

Uh oh!

openshift-ci bot commented Jan 16, 2025

Uh oh!

openshift-ci-robot commented Jan 17, 2025 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

tmshort commented Jan 17, 2025

Uh oh!

camilamacedo86 Jan 17, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

camilamacedo86 Jan 18, 2025

Choose a reason for hiding this comment

Uh oh!

Xia-Zhao-rh commented Jan 18, 2025

Uh oh!

openshift-ci-robot commented Jan 18, 2025 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

openshift-ci bot commented Jan 18, 2025

Uh oh!

openshift-ci bot commented Jan 18, 2025

Uh oh!

Xia-Zhao-rh commented Jan 20, 2025

Uh oh!

openshift-ci bot commented Jan 20, 2025

Uh oh!

grokspawn commented Jan 20, 2025

Uh oh!

Uh oh!

tmshort commented Jan 20, 2025

Uh oh!

openshift-cherrypick-robot commented Jan 20, 2025

Uh oh!

openshift-bot commented Jan 20, 2025

Uh oh!

Uh oh!

openshift-ci-robot commented Jan 17, 2025 •

edited by openshift-ci bot

Loading

camilamacedo86 Jan 17, 2025 •

edited

Loading

openshift-ci-robot commented Jan 18, 2025 •

edited by openshift-ci bot

Loading