Revert "Use new ClusterIssuer for testing certificate rotation"

knative · May 22, 2024 · 1ff3bf4 · 1ff3bf4
1 parent fec714e
commit 1ff3bf4
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 42 deletions.
diff --git a/test/config/ytt/certmanager/net-certmanager-config.yaml b/test/config/ytt/certmanager/net-certmanager-config.yaml
@@ -40,19 +40,6 @@ spec:
     secretName: knative-selfsigned-ca
 ---
 apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: knative-selfsigned-issuer-renewed
-  labels:
-    app.kubernetes.io/component: net-certmanager
-    app.kubernetes.io/name: knative-serving
-    networking.knative.dev/certificate-provider: cert-manager
-    knative.dev/issuer-install: "true"
-spec:
-  ca:
-    secretName: knative-selfsigned-ca-renewed
----
-apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   name: knative-selfsigned-ca
@@ -72,23 +59,4 @@ spec:
   issuerRef:
     kind: ClusterIssuer
     name: selfsigned-cluster-issuer
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: knative-selfsigned-ca-renewed
-  namespace: cert-manager
-  labels:
-    app.kubernetes.io/component: net-certmanager
-    app.kubernetes.io/name: knative-serving
-    networking.knative.dev/certificate-provider: cert-manager
-    knative.dev/issuer-install: "true"
-spec:
-  secretName: knative-selfsigned-ca-renewed
-  commonName: knative.dev
-  usages:
-    - server auth
-  isCA: true
-  issuerRef:
-    kind: ClusterIssuer
-    name: selfsigned-cluster-issuer
+
diff --git a/test/e2e/encryption.go b/test/e2e/encryption.go
@@ -40,13 +40,8 @@ const (
 	certManagerNamespace = "cert-manager"
 )
 
-// GetCASecret returns the default Secret that is used by the CA to issue KnativeCertificates.
+// GetCASecret returns the Secret that is used by the CA to issue KnativeCertificates.
 func GetCASecret(clients *test.Clients) (*corev1.Secret, error) {
-	return GetCASecretByName(clients, certManagerCASecret)
-}
-
-// GetCASecretByName returns the named Secret that is used by the CA to issue KnativeCertificates.
-func GetCASecretByName(clients *test.Clients, name string) (*corev1.Secret, error) {
 	cm, err := clients.KubeClient.CoreV1().ConfigMaps(system.Namespace()).
 		Get(context.Background(), netcfg.ConfigMapName, metav1.GetOptions{})
 	if err != nil {
@@ -62,7 +57,7 @@ func GetCASecretByName(clients *test.Clients, name string) (*corev1.Secret, erro
 	class := getCertificateClass(cm)
 	switch class {
 	case netcfg.CertManagerCertificateClassName:
-		return getCertManagerCA(clients, name)
+		return getCertManagerCA(clients)
 	default:
 		return nil, fmt.Errorf("invalid %s: %s", netcfg.DefaultCertificateClassKey, class)
 	}
@@ -78,10 +73,10 @@ func getCertificateClass(cm *corev1.ConfigMap) string {
 	return netcfg.CertManagerCertificateClassName
 }
 
-func getCertManagerCA(clients *test.Clients, secretName string) (*corev1.Secret, error) {
+func getCertManagerCA(clients *test.Clients) (*corev1.Secret, error) {
 	var secret *corev1.Secret
 	err := wait.PollUntilContextTimeout(context.Background(), test.PollInterval, test.PollTimeout, true, func(context.Context) (bool, error) {
-		caSecret, err := clients.KubeClient.CoreV1().Secrets(certManagerNamespace).Get(context.Background(), secretName, metav1.GetOptions{})
+		caSecret, err := clients.KubeClient.CoreV1().Secrets(certManagerNamespace).Get(context.Background(), certManagerCASecret, metav1.GetOptions{})
 		if err != nil {
 			if apierrs.IsNotFound(err) {
 				return false, nil