Support intermediate certificate in certificate store #88744

Merged

jackkleeman commented Mar 2, 2020

What type of PR is this?

/kind feature

What this PR does / why we need it:
Currently the certificate store only writes a single certificate into its certificate file, even if Update is provided with a certificate chain. We'd like kubelet rotation to be able to handle intermediates, so we should write the full chain, in the order given, into the file, and parse it back out again into a tls Certificate.

Does this PR introduce a user-facing change?:

client-go certificate manager rotation gained the ability to preserve optional intermediate chains accompanying issued certificates
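
The round trip described above, as an added example that is not code from this PR or from client-go: a leaf and its issuing CA certificate (a constructed stand-in for an intermediate) are written with the key into one PEM body in the order given, then parsed back with tls.X509KeyPair. The helper names issue and storeAndLoad and the certificate names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue builds a throwaway certificate for cn (constructed sample PKI); a nil parent means self-signed.
func issue(cn string, ca bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, key.Public(), pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// storeAndLoad writes certs in the order given, followed by the key, as one PEM body,
// then parses that body back and returns how many certificates survived in the chain.
func storeAndLoad(key ed25519.PrivateKey, certs ...*x509.Certificate) (int, error) {
	var file []byte
	for _, c := range certs {
		file = append(file, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	der, _ := x509.MarshalPKCS8PrivateKey(key)
	file = append(file, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})...)
	// X509KeyPair skips blocks it does not need and checks the key against the first certificate.
	pair, err := tls.X509KeyPair(file, file)
	return len(pair.Certificate), err
}

func main() {
	ca, caKey := issue("constructed-issuing-ca", true, nil, nil)
	leaf, key := issue("constructed-leaf", false, ca, caKey)
	fmt.Println(storeAndLoad(key, leaf, ca)) // chain kept: leaf first, then its issuer
	fmt.Println(storeAndLoad(key, leaf))     // single certificate: the issuer is lost
	fmt.Println(storeAndLoad(key, ca, leaf)) // order not preserved: key no longer matches the first certificate
}
```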

enj commented Mar 2, 2020

/milestone v1.18
/priority important-soon
/kind bug

jackkleeman commented Mar 2, 2020

/assign @liggitt

enj commented Mar 2, 2020

/lgtm

enj commented Mar 2, 2020

/retest

jackkleeman force-pushed the jackkleeman:kubelet-handle-intermed branch from 457d3a3 to 83a223f Mar 2, 2020
k8s-ci-robot removed the lgtm label Mar 2, 2020

jackkleeman commented Mar 2, 2020

Pushed fixing a typo in comment

liggitt commented Mar 2, 2020

from https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/88744/pull-kubernetes-node-e2e-containerd/1234575403197140992/:

OCI runtime start failed: container process is already dead: unknown

from https://prow.k8s.io/view/gcs/kubernetes-jenkins/pr-logs/pull/88744/pull-kubernetes-e2e-kind/1234575396477865984:

	[WARNING SystemVerification]: failed to parse kernel config: unable to load kernel module: "configs", output: "modprobe: FATAL: Module configs not found in directory /lib/modules/4.15.0-1044-gke\n", err: exit status 1
I0302 20:35:16.044568     142 checks.go:406] checking whether the given node name is reachable using net.LookupHost
[preflight] The system verification failed. Printing the output from the verification:
KERNEL_VERSION: 4.15.0-1044-gke
OS: Linux
CGROUPS_CPU: enabled
CGROUPS_CPUACCT: enabled
CGROUPS_CPUSET: enabled
CGROUPS_DEVICES: enabled
CGROUPS_FREEZER: enabled
CGROUPS_MEMORY: enabled

/retest

liggitt commented Mar 2, 2020

change matches my expectations

/lgtm
/approve

k8s-ci-robot added the lgtm label Mar 2, 2020

k8s-ci-robot commented Mar 2, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackkleeman, liggitt


k8s-ci-robot merged commit 79e1ad2 into kubernetes:master Mar 3, 2020
16 checks passed