Skip to content

Switch to ManagedCertificate for Triage-Party. #1942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 30, 2021
Merged

Switch to ManagedCertificate for Triage-Party. #1942

merged 1 commit into from
Apr 30, 2021

Conversation

@ameukam
Copy link
Member

@ameukam ameukam commented Apr 16, 2021

Use a Google-managed SSL certificate through ManagedCertificate
for Triage-Party.

Signed-off-by: Arnaud Meukam ameukam@gmail.com

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/release-eng Issues or PRs related to the Release Engineering subproject labels Apr 16, 2021
@k8s-ci-robot k8s-ci-robot added sig/release Categorizes an issue or PR as relevant to SIG Release. approved Indicates a PR has been approved by an approver from all required OWNERS files. wg/k8s-infra size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 16, 2021
@ameukam
Copy link
Member Author

ameukam commented Apr 16, 2021

GKE cluster aaa is now 1.17.17:

gcloud container clusters describe aaa --format='value(currentMasterVersion)' --region=us-central1
1.17.17-gke.2800

and meet the requirement to use the GA version of ManagedCertificate.

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 16, 2021
@ameukam ameukam mentioned this pull request Apr 16, 2021
Open
8 tasks
@ameukam
Switch to ManagedCertificate for Triage-Party.
44d2d1b 
Use a Google-managed SSL certificate through `ManagedCertificate`
for Triage-Party.

Signed-off-by: Arnaud Meukam <ameukam@gmail.com>
@ameukam ameukam force-pushed the managed-certificate-tp branch from 210d2b4 to 44d2d1b Compare April 22, 2021 18:15
@ameukam
Copy link
Member Author

ameukam commented Apr 22, 2021

/assign @cpanato

@ameukam
Copy link
Member Author

ameukam commented Apr 23, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 23, 2021
cpanato
cpanato reviewed Apr 23, 2021
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgmt

/hold to wait when @ameukam is ready to deploy

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 23, 2021
@cpanato
Copy link
Member

cpanato commented Apr 30, 2021

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 30, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ameukam, cpanato

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ameukam
Copy link
Member Author

ameukam commented Apr 30, 2021

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 30, 2021
@k8s-ci-robot k8s-ci-robot merged commit 7c6c800 into kubernetes:main Apr 30, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Apr 30, 2021
@ameukam
Copy link
Member Author

ameukam commented Apr 30, 2021

Ingress is configured with a new TLS certificate provided by Google :

openssl s_client -showcerts -connect release.triage.k8s.io:443
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1D4
verify return:1
depth=0 CN = release.triage.k8s.io
verify return:1

https://www.ssllabs.com/ssltest/analyze.html?d=release.triage.k8s.io

@ameukam
Copy link
Member Author

ameukam commented May 25, 2021

The old certificate is removed :

kubectl delete certificate release-triage-k8s-io -n triageparty-release
certificate.cert-manager.io "release-triage-k8s-io" deleted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hasheddan hasheddan Awaiting requested review from hasheddan

@idealhack idealhack Awaiting requested review from idealhack

1 more reviewer

@cpanato cpanato cpanato left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@cpanato cpanato

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/release-eng Issues or PRs related to the Release Engineering subproject cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/release Categorizes an issue or PR as relevant to SIG Release. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

v1.22

Development

Successfully merging this pull request may close these issues.

3 participants

@ameukam @cpanato @k8s-ci-robot