New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The cert-manager version we are using is not supported by letsencrypt. #14944
Comments
I am very inclined to switch to GKE-managed certs. |
see #14945 for what that would ultimately look like. |
what's the current status on this? |
We need someone (@fejta, probably) to change over the kubernetes and kubernetes-sigs webhooks to point at https://prow-canary.k8s.io instead of https://prow.k8s.io, and then we can perform the switchover during some low-traffic time. We have until January 6th to actually execute this plan, but sooner is better than later. |
Switching https://prow.k8s.io/hook to https://prow-canary.k8s.io/ |
Done |
Do you mean https://prow-canary.k8s.io/hook? |
Yes, and we're getting 200s
|
/pony |
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @fejta @Katharine @clarketm Want to try and flip this over this week? |
Bueller? |
We are currently using version
v0.5.2
:test-infra/prow/cluster/cert-manager.yaml
Line 155 in 7abdd3f
Unfortunately there are backwards incompatible changes that make upgrading cert-manager more complicated than just changing the image version: https://docs.cert-manager.io/en/latest/tasks/upgrading/
The current certificate for prow.k8s.io is good until Monday, January 6, 2020 at 11:47:17 AM
/kind oncall-hotlist
@Katharine @fejta @BenTheElder @stevekuznetsov
I know we have discussed using Google managed SSL certificates for prow.k8s.io. If we want to make that change now would be a good time.
The text was updated successfully, but these errors were encountered: