New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use svc.cluster.local as default domain #13259
Conversation
Codecov ReportBase: 86.52% // Head: 86.49% // Decreases project coverage by
Additional details and impacted files@@ Coverage Diff @@
## main #13259 +/- ##
==========================================
- Coverage 86.52% 86.49% -0.04%
==========================================
Files 196 196
Lines 14526 14526
==========================================
- Hits 12569 12564 -5
- Misses 1659 1663 +4
- Partials 298 299 +1
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report at Codecov. |
Need to wait on #13283 to run the kind e2e tests |
Signed-off-by: Paul S. Schweigert <paul@paulschweigert.com>
Signed-off-by: Paul S. Schweigert <paul@paulschweigert.com>
Signed-off-by: Paul S. Schweigert <paul@paulschweigert.com>
Signed-off-by: Paul S. Schweigert <paul@paulschweigert.com>
ddacd8b
to
ff3ffe8
Compare
We probably want to update the comment in |
pkg/reconciler/nscert/nscert_test.go
Outdated
@@ -623,7 +623,7 @@ func networkConfig() *netcfg.Config { | |||
func domainConfig() *routecfg.Domain { | |||
domainConfig := &routecfg.Domain{ | |||
Domains: map[string]*routecfg.LabelSelector{ | |||
"example.com": {}, | |||
"svc.cluster.local": {}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we should keep example.com
for this nscert test.
net-certmanager does not create certificates for cluster local (svc.cluster.local
) so we should assume that users set the domain as example.com
as it is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sounds good... in that vein, I added an overlay to set the domain for some of the e2e tests, let me know if you think we should remove that
Signed-off-by: Paul S. Schweigert <paul@paulschweigert.com>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: psschwei The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/lgtm Thank you! LGTM. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
there are a couple of other spots that I think need updating as well
- in the test readme, its says
If you set up your cluster using the getting started docs, Routes created in the test will use the domain example.com
-serving/test/config/tls/generate.sh
Line 22 in 6d3d676
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj '/O=Knative Community/CN=example.com' -keyout rootCAKey.pem -out rootCACert.pem openssl req -x509 -sha256 -new -nodes -key rootCAKey.pem -days 36500 -out rootCACert.pem -subj '/CN=example.com/O=Knative Community/C=US'
there might be something else I missed
# These are example settings of domain. | ||
# example.com will be used for all routes, but it is the least-specific rule so it | ||
# will only be used if no other domain matches. | ||
example.com: | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we change this in the example for clarity?
For the
We would like to test the TLS with the external domain so it is OK to keep |
Sgtm |
this is merged, is this PR here ready to remove the hold? |
Not yet, we gave until Sept |
Had no objections on the mailing list, so going to remove the hold on this tomorrow |
/hold cancel |
Signed-off-by: Paul S. Schweigert paul@paulschweigert.com
Fixes #13182
Release Note
/hold