Make caBundle available to kubermatic-api when it is configured but n… #5968

Merged
merged 3 commits into from
Oct 8, 2020

@erdii erdii commented Sep 29, 2020

What this PR does / why we need it: Make caBundle available to kubermatic-api when it is configured but no OIDCKubeCfgEndpoint feature-flag is set.

This enables users to use a custom root CA for dex.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Documentation:

Does this PR introduce a user-facing change?:

Always mount CABundle for Dex into the kubermatic-api, even when `OIDCKubeCfgEndpoint` is disabled.

@kubermatic-bot kubermatic-bot added dco-signoff: yes Denotes that all commits in the pull request have the valid DCO signoff message. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. team/lifecycle release-note-none Denotes a PR that doesn't merit a release note. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. release-note-none Denotes a PR that doesn't merit a release note. labels Sep 29, 2020
@xrstf xrstf left a comment

Please ensure that the kubermatic Helm chart behaves the same way.

erdii commented Sep 30, 2020

/retest

erdii commented Sep 30, 2020

git diff HEAD~

diff --git a/charts/kubermatic/Chart.yaml b/charts/kubermatic/Chart.yaml
index 2f1e7ee5f..7c97a8aeb 100644
--- a/charts/kubermatic/Chart.yaml
+++ b/charts/kubermatic/Chart.yaml
@@ -14,7 +14,7 @@
 
 apiVersion: v1
 name: kubermatic
-version: 1.1.15
+version: 1.1.16
 appVersion: '__KUBERMATIC_TAG__'
 description: Kubermatic chart for master and/or seed clusters.
 keywords:
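
Review bot: The `version: 1.1.16` bump in Chart.yaml collides with the base branch: the CI output quoted after this diff reports the chart as modified while its version (1.1.16) was not changed. Rebase onto the current base and bump to a version the base branch does not already carry, and re-check this right before merge since other chart PRs can land in between.
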
diff --git a/charts/kubermatic/templates/kubermatic-api-dep.yaml b/charts/kubermatic/templates/kubermatic-api-dep.yaml
index 0061a3525..11a3f110a 100644
--- a/charts/kubermatic/templates/kubermatic-api-dep.yaml
+++ b/charts/kubermatic/templates/kubermatic-api-dep.yaml
@@ -71,11 +71,11 @@ spec:
         - -accessible-addons={{- (.Files.Get "static/master/accessible-addons.yaml" | fromYaml).addons | join "," }}
         {{- end }}
         - -feature-gates={{ .Values.kubermatic.api.featureGates }}
-        # the following flags enable oidc kubeconfig feature/endpoint
-        {{- if regexMatch ".*OIDCKubeCfgEndpoint=true.*" (default "" .Values.kubermatic.api.featureGates) }}
         {{- if .Values.kubermatic.auth.caBundle }}
         - -oidc-ca-file=/opt/dex-ca/caBundle.pem
         {{- end }}
+        # the following flags enable oidc kubeconfig feature/endpoint
+        {{- if regexMatch ".*OIDCKubeCfgEndpoint=true.*" (default "" .Values.kubermatic.api.featureGates) }}
         - -oidc-issuer-redirect-uri={{ .Values.kubermatic.auth.issuerRedirectURL }}
         - -oidc-issuer-client-id={{ .Values.kubermatic.auth.issuerClientID }}
         - -oidc-issuer-client-secret={{ .Values.kubermatic.auth.issuerClientSecret }}
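
Review bot: The volume and volumeMount that provide `/opt/dex-ca` are not part of this hunk, and they need the same condition as the `-oidc-ca-file=/opt/dex-ca/caBundle.pem` flag, which now depends only on `.Values.kubermatic.auth.caBundle`. If the mount is still guarded by the `OIDCKubeCfgEndpoint=true` check elsewhere in the template, kubermatic-api is started with a CA path that is not mounted whenever the gate is off, so please confirm both use the `caBundle` condition alone. A short comment above the `caBundle` block saying that it applies independently of the feature gate would also keep a later edit from moving it back under the `regexMatch` check.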

[2020-09-30T15:24:04+0000] Chart kubermatic was modified but its version (1.1.16) was not changed. Please adjust charts/kubermatic/Chart.yaml.

I am confused...

@erdii erdii requested a review from xrstf October 1, 2020 07:59
xrstf commented Oct 1, 2020

> [2020-09-30T15:24:04+0000] Chart kubermatic was modified but its version (1.1.16) was not changed. Please adjust charts/kubermatic/Chart.yaml.
>
> I am confused...

@erdii Since you opened your PR, another PR got merged that bumped the version in master branch to 1.1.16 already. So you have to bump even harder.

@kubermatic-bot kubermatic-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 8, 2020
erdii and others added 3 commits October 8, 2020 16:03
…o OIDCKubeCfgEndpoint feature-flag is set

This enables users to use a custom root CA for dex.
…e to kubermatic-api without having to enable OIDC delegation)
@kubermatic-bot kubermatic-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 8, 2020
@xrstf xrstf left a comment

/approve

@kubermatic-bot kubermatic-bot added the lgtm Indicates that a PR is ready to be merged. label Oct 8, 2020
@kubermatic-bot
LGTM label has been added.

Git tree hash: c5a6e03842eef100b55f3c2793c15cf37994193e

@kubermatic-bot
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erdii, xrstf

@kubermatic-bot kubermatic-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 8, 2020
@kubermatic-bot kubermatic-bot merged commit 81fae55 into kubermatic:master Oct 8, 2020
xrstf commented Oct 8, 2020

/cherrypick release/v2.15

@kubermatic-bot
@xrstf: new pull request created: #6010

In response to this:

/cherrypick release/v2.15
