Continue refactoring certs into nodeup #9354

Merged
merged 3 commits into from
Jul 7, 2020


johngmyers
Member

@johngmyers johngmyers commented Jun 13, 2020

Finally got the api-server server cert. It took a lot of refactoring to get here.

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jun 13, 2020
@k8s-ci-robot k8s-ci-robot added area/api area/nodeup area/provider/aws Issues or PRs related to aws provider area/provider/digitalocean Issues or PRs related to digitalocean provider area/provider/openstack Issues or PRs related to openstack provider labels Jun 13, 2020
@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 19, 2020
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 29, 2020
@johngmyers johngmyers changed the title WIP continue refactoring certs into nodeup Continue refactoring certs into nodeup Jun 29, 2020
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 29, 2020
@johngmyers johngmyers changed the title Continue refactoring certs into nodeup WIP Continue refactoring certs into nodeup Jun 29, 2020
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 29, 2020
@johngmyers johngmyers changed the title WIP Continue refactoring certs into nodeup Continue refactoring certs into nodeup Jun 29, 2020
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 29, 2020
@rifelpet
Member

rifelpet commented Jul 6, 2020

/lgtm
/approve

When someone upgrades to a version of Kops that includes these refactors, they'll be left with orphaned certificates in their state store, correct? Perhaps we'll want to include a release note on cleaning them up after upgrading.

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 6, 2020
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johngmyers, rifelpet


@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 6, 2020
@johngmyers
Member Author

They will, but then they'll also have the CA private keys in the state store. This would be more of a concern for keys that can be accessed from worker nodes.

@rifelpet
Member

rifelpet commented Jul 6, 2020

Ah, that's true. Anything that currently has read access to the orphaned certs and private keys also has read access to the CA private keys 👍

@johngmyers
Member Author

/retest
