Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #40

Merged
merged 2 commits into from Mar 18, 2020
Merged

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #40

merged 2 commits into from Mar 18, 2020

Conversation

rgolangh
Copy link

oVirt API over SSL should be verified against a proper CA. It is expected
by the deployment to pass the CA bundle that container oVirt's CA and keep
it in ovirt-credentials secret, under 'ovirt_ca_bundle'.

When it's there, save it to disk, and use it as the api connection CA file.

Another option was to seriailize the secret and extract the CA bundle
directly to /etc/ssl/certs but that mandates a deployment change, and
moving that logic to the deployment part.

If the CA bundle doesn't exist the deploymnent can still handle that by
changing the CA sources on the container.

@rgolangh
Bump ovirt sdk
befa20d 
Signed-off-by: Roy Golan <rgolan@redhat.com>
@rgolangh
Use the CA bundle from the credentials when possible
824e4b8 
oVirt API over SSL should be verified against a proper CA. It is
expected by the deployment to pass the CA bundle that container oVirt's
CA and keep it in ovirt-credentials secret, under 'ovirt_ca_bundle'.

When it's there, save it to disk, and use it as the api connection CA
file.

Another option was to seriailize the secret and extract the CA bundle
directly to /etc/ssl/certs but that mandates a deployment change, and
moving that logic to the deployment part.

If the CA bundle doesn't exist the deploymnent can still handle that
by changing the CA sources on the container.

Signed-off-by: Roy Golan <rgolan@redhat.com>
@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Mar 16, 2020
@openshift-ci-robot
Copy link

@rgolangh: This pull request references Bugzilla bug 1811760, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "4.4.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1811760: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 16, 2020
@rgolangh rgolangh changed the title Bug 1811760: Some cluster operators fail to come up because RHV CA is not trusted by a pod Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod Mar 16, 2020
@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Mar 16, 2020
@openshift-ci-robot
Copy link

@rgolangh: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rgolangh
Copy link
Author

/bugzilla refresh

@rgolangh
Copy link
Author

@bennyz PTAL

@openshift-ci-robot
Copy link

@rgolangh: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sdodson
Copy link
Member

sdodson commented Mar 17, 2020

/bugzilla refresh

@openshift-ci-robot
Copy link

@sdodson: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sdodson
Copy link
Member

sdodson commented Mar 17, 2020

/retitle Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

@openshift-ci-robot openshift-ci-robot changed the title Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod Mar 17, 2020
@openshift-ci-robot
Copy link

@rgolangh: This pull request references Bugzilla bug 1794313, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Mar 17, 2020
@bennyz
Copy link
Member

bennyz commented Mar 18, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 18, 2020
@openshift-ci-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bennyz, rgolangh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 2618686 into openshift:master Mar 18, 2020
@openshift-ci-robot
Copy link

@rgolangh: All pull requests linked via external trackers have merged. Bugzilla bug 1794313 has been moved to the MODIFIED state.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rgolangh
Copy link
Author

/cherry-pick 4.4

@openshift-cherrypick-robot
Copy link

@rgolangh: cannot checkout 4.4: error checking out 4.4: exit status 1. output: error: pathspec '4.4' did not match any file(s) known to git.

In response to this:

/cherry-pick 4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rgolangh
Copy link
Author

/cherry-pick release-4.4

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 18, 2020
Merged
@openshift-cherrypick-robot
Copy link

@rgolangh: new pull request created: #42

In response to this:

/cherry-pick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bennyz bennyz bennyz approved these changes

Assignees

@bennyz bennyz

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@rgolangh @openshift-ci-robot @sdodson @bennyz @openshift-cherrypick-robot @openshift-merge-robot