-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement a simple pre-uninstall check command #71
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks Charlie, this looks good already!
I've not ran the command yet, but have left a bunch of comments, let me know if it makes sense.
51f649b
to
2451c79
Compare
b4eb908
to
57bd9d4
Compare
There is probably more that could be done here- if we get someone to actualy use it we can iterate and add more checks. |
57bd9d4
to
525a3f9
Compare
945f8ff
to
6c1e5a6
Compare
6c1e5a6
to
7524694
Compare
internal/kubernetes/status/components/cert_manager_csi_driver_spiffe.go
Outdated
Show resolved
Hide resolved
ef87064
to
e0b6267
Compare
e0b6267
to
5d81475
Compare
Example output: ``` $ go run main.go clusters uninstall verify The following secrets contain certificates and are owned by a Certificate resource: * test-namespace/example-net-tdst7 has certificate owner ref * test-namespace/example-com-gpsz7 has certificate owner ref * test-namespace/example-com-tls has certificate owner ref The following certificates will be renewed soon: * test-namespace/example-net will be renewed soon (13m50.20178s) The following certificates are currently being re-issued: * test-namespace/example-com The following certificate requests are pending approval or issuance: * test-namespace/example-net-dxvjx is pending approval * test-namespace/example-com-jggql is pending approval Suggested next steps: * Run 'jsctl experimental clusters cleanup secrets remove-certificate-owner-refs' to make sure secrets containing certificates are not garbage collected * Use cmctl to manually renew certificates: cmctl renew --namespace=test-namespace example-net * Wait for 1 certificates to be issued * Investigate 2 pending certificate requests ``` This command has been added to help users prepare for a migration to the operator. Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>
Adds a couple more checks, removes unnecessary CertificateRequests check Signed-off-by: irbekrm <irbekrm@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
Signed-off-by: irbekrm <irbekrm@gmail.com>
5d81475
to
f7eabdb
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the PR, I added some remarks wrt improvements that I think can be made still.
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
77d594f
to
be09ad5
Compare
@irbekrm I made some additional changes to fix some code style issues and a remaining bug. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
This PR is part of working on the flow defined in https://docs.google.com/document/d/1AxUss0piE9gb_r31_jBS6mv7zWALDqI0ZIfBUiJj3p0/edit?usp=sharing
Example output in a cluster that has cert-manager-csi-driver, cert-manager-csi-driver-spiffe, cert-manager-istio-csr, a Secret with Certificate owner ref, a Certificate that will be renewed and will expire soon: