Cert config option #4069
Hi @cchengleo. Thanks for your PR. I'm waiting for a kubevirt member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/ok-to-test
e216ec1 to 191a6bb
/test pull-kubevirt-e2e-k8s-cnao-1.17
@cchengleo: The specified target(s) for
Use In response to this:
/retest
c2b971e to 790d021
…s for virt-handler, virt-controller and virt-api to accommodate varying rules around certificate validation. Signed-off-by: Cheng Cheng <chengcheng@apple.com>
…g up the chain of trust in cert validation for virt-handler and virt-api Signed-off-by: Cheng Cheng <chengcheng@apple.com>
When cert and key file are in different directories, cert-manager should still load the certificate. Signed-off-by: Cheng Cheng <chengcheng@apple.com>
If the certificates are externally managed, setting this flag will allow intermediate certificates to be used in building up the chain of trust in client certificate validation. In addition, verification of hardcoded CN will not be skipped. Signed-off-by: Cheng Cheng <chengcheng@apple.com>
790d021 to f88c194
Hey, thanks for the PR! Looks good already in general, some minor things I still have though.
7e71ed9 to 14b4c53
Signed-off-by: Cheng Cheng <chengcheng@apple.com>
14b4c53 to 00a2f51
/retest
Hey, two quick suggestions.
- Add unit-test for verifying externally-managed certificate TLS setup
- Refactor to remove duplicated blocks.
Signed-off-by: Cheng Cheng <chengcheng@apple.com>
Thanks for the PR!
/lgtm
Note: I noticed that there is no functest added, I guess that that will be very much work regarding certificate generation and setup, no?
Thanks for the review! I would add more functional tests in the follow-up PR. Generating root certs and minting intermediate certs do take some effort.
/assign @AlonaKaplan
/approve Very nice PR. Looking forward to the next PR which will add functional tests.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rmohr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Thanks for the review. I'll add functional tests in the follow-up PR.
/unassign @AlonaKaplan
What this PR does / why we need it:
This change is the first part of resolving #3648
Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #3648
Special notes for your reviewer:
Release note: