Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Propagate the status when a Knative Certificate fails to be created #14530

Closed
gabo1208 opened this issue Oct 17, 2023 · 8 comments · Fixed by #14962
Closed

Propagate the status when a Knative Certificate fails to be created #14530

gabo1208 opened this issue Oct 17, 2023 · 8 comments · Fixed by #14962
Assignees
@ckcd
Labels
area/networking good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/feature Well-understood/specified features, ready for coding.

Comments

@gabo1208
Copy link
Member

/area networking
/kind good-first-issue

Describe the feature

We need to have the required lifecycle methods to know when a Knative Certificate creation have failed. Right now we just have the Ready condition and in the status we haven't implemented all the commented conditions that allows to check if the Cert has failed or is just not ready (https://github.com/knative/networking/blob/main/pkg/apis/networking/v1alpha1/certificate_types.go#L94)

This feature is related to: knative/networking#875
@gabo1208 gabo1208 added the kind/feature Well-understood/specified features, ready for coding. label Oct 17, 2023
@knative-prow knative-prow bot added area/networking kind/good-first-issue Denotes an issue ready for a new contributor. labels Oct 17, 2023
@gabo1208 gabo1208 mentioned this issue Oct 17, 2023
Merged
@xiangpingjiang
Copy link
Contributor

/assign

@xiangpingjiang
Copy link
Contributor

hello @gabo1208
Is there any docs to show how to use the Knative Certificate crd ?

@ReToCode
Copy link
Member

Hey @xiangpingjiang they are an internal CR to bridge between Serving and an issuer (like net-certmanager). You should get those certificates if you enable the external-domain-tls feature and install cert-manager, net-certmanager (docs: https://knative.dev/docs/serving/encryption/enabling-automatic-tls-certificate-provisioning/ )

@gabo1208
Copy link
Member Author

gabo1208 commented Nov 14, 2023
edited

Hey @xiangpingjiang I read your question wrong, thought you were asking for docs on how it works, thanks @ReToCode for answering correctly

old answer still applies to what I understood hehe: but a clue is always check the reconciler, specifically the file that has the resource name: https://github.com/knative/networking/blob/main/pkg/certificates/reconciler/certificates.go

There you can see the creation flow of a certificate, and probably there you can modify its behavior to bubble up underlying resources' status.

Also, feel free to ping me over slack to discuss anything :)!

@dprotaso dprotaso added good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. and removed kind/good-first-issue Denotes an issue ready for a new contributor. labels Nov 23, 2023
@ckcd
Copy link
Contributor

ckcd commented Feb 18, 2024
edited

Hi @gabo1208 , do you means that we should add more conditions such as Succeeded and put the failure detail into this condition when create failed ?

This was referenced Feb 18, 2024
Closed
Merged
@ckcd
Copy link
Contributor

ckcd commented Feb 18, 2024

/assign

@gabo1208
Copy link
Member Author

Sorry the delay @ckcd I also mean that in some point if a certificate is failing we could bubble down to the routes an error that says (certificate is failing)

Also a timeout for it to work

the ´add IsFailed´ PR is a good start, but when a certificate fails and you have to check if it's a certificates fault right now is not user friendly (or obvious) to the en user

@xiangpingjiang xiangpingjiang removed their assignment Feb 21, 2024
@ckcd
Copy link
Contributor

ckcd commented Feb 22, 2024

@gabo1208 Thanks for your reply! Next I will try to enhance the status propagate when a certificate fails.

@ckcd ckcd mentioned this issue Feb 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ckcd ckcd

Labels
area/networking good first issue Denotes an issue ready for a new contributor, according to the "help wanted" guidelines. kind/feature Well-understood/specified features, ready for coding.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: bubble up kcert status message when it's failed ckcd/serving
5 participants
@dprotaso @gabo1208 @ckcd @ReToCode @xiangpingjiang