[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally #518

dgrisonnet · 2021-12-07T08:51:39Z

Backport of #506 to release-4.9.

If the Bugzilla associated with the PR has the "FastFix" keyword, the subjective assessment on the issue has already been done and a customer is impacted. These PRs should be prioritized for merge.
- verified
- does not apply
The bug has significant impact either through severity, reduction in supportability, or number of users affected.
- verified
- does not apply
For branches that are in the Maintenance lifecycle phase:
- The bug is a critical fix, no reasonable workaround exists, and a recommendation for upgrade has been ruled out, or
- The bug is a security related bug
- Branch not in maintenance mode yet (current release + previous release for 90 days after current GA; everything older is in maintenance)
The severity field of the bug must be set to accurately reflect criticality.
- verified
The PR was created with the cherry-pick bot OR the PR’s description is well formed with user-focused release notes that state the bug number, impact, cause, and resolution. Where appropriate, it should also contain information about how a user can identify whether a particular cluster is affected.
- verified

openshift-ci · 2021-12-07T08:51:46Z

@dgrisonnet: This pull request references Bugzilla bug 2029504, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

6 validation(s) were run on this bug

bug is open, matching expected state (open)
bug target release (4.9.z) matches configured target release for branch (4.9.z)
bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)
dependent bug Bugzilla bug 1982726 is in the state VERIFIED, which is one of the valid states (VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), CLOSED (CURRENTRELEASE))
dependent Bugzilla bug 1982726 targets the "4.10.0" release, which is one of the valid target releases: 4.10.0
bug has dependents

Requesting review from QA contact:
/cc @gangwgr

In response to this:

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

dgrisonnet · 2021-12-07T08:52:39Z

/assign @stlaz

openshift-ci · 2021-12-08T15:32:15Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dgrisonnet
To complete the pull request process, please ask for approval from stlaz after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>

Update the version of library-go to include the latest changes that allow the encryption controller to synchronize the encryption-config secret only when the encryption controller should be run. This prevents the secrets from being unnecessarily deleted in the apiserver namespace whenever it doesn't exist in the config-managed namespace. Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>

dgrisonnet · 2021-12-09T14:02:48Z

/retest-required

dgrisonnet · 2021-12-09T17:10:25Z

/retest-required

dgrisonnet · 2021-12-20T16:33:39Z

/retest

dgrisonnet · 2021-12-21T08:37:03Z

/retest

dgrisonnet · 2021-12-21T10:33:11Z

/retest

dgrisonnet · 2021-12-21T14:23:26Z

/retest

dgrisonnet · 2021-12-22T13:50:41Z

/retest

dgrisonnet · 2022-01-10T18:46:43Z

/retest

openshift-ci · 2022-01-10T20:59:38Z

@dgrisonnet: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-agnostic-upgrade	`cb2eed9`	link	true	`/test e2e-agnostic-upgrade`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

openshift-ci · 2022-01-19T02:15:59Z

@dgrisonnet: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

dgrisonnet · 2022-01-28T14:19:51Z

Closing as the changes were made as a side effect of #535

openshift-ci · 2022-01-28T14:19:57Z

@dgrisonnet: This pull request references Bugzilla bug 2029504. The bug has been updated to no longer refer to the pull request using the external bug tracker.

In response to this:

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci bot added bugzilla/severity-low Referenced Bugzilla bug's severity is low for the branch this PR is targeting. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. labels Dec 7, 2021

openshift-ci bot requested a review from gangwgr December 7, 2021 08:51

openshift-ci bot requested review from stlaz and sttts December 7, 2021 08:53

openshift-ci bot assigned stlaz Dec 7, 2021

dgrisonnet force-pushed the bz-2029504 branch from 41bc040 to 35f6f85 Compare December 8, 2021 15:13

openshift-ci bot mentioned this pull request Dec 9, 2021

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally openshift/cluster-openshift-apiserver-operator#487

Merged

9 tasks

dgrisonnet force-pushed the bz-2029504 branch from 35f6f85 to 854ecfc Compare December 9, 2021 09:09

dgrisonnet added 2 commits December 9, 2021 10:46

bump(library-go,golang,etcd)

da74335

Signed-off-by: Damien Grisonnet <dgrisonn@redhat.com>

dgrisonnet force-pushed the bz-2029504 branch from 854ecfc to cb2eed9 Compare December 9, 2021 09:47

openshift-ci bot mentioned this pull request Dec 10, 2021

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally openshift/cluster-kube-apiserver-operator#1268

Merged

9 tasks

openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 19, 2022

dgrisonnet closed this Jan 28, 2022

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally #518

[release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally #518

Uh oh!

Conversation

dgrisonnet commented Dec 7, 2021

Uh oh!

openshift-ci bot commented Dec 7, 2021

Uh oh!

dgrisonnet commented Dec 7, 2021

Uh oh!

openshift-ci bot commented Dec 8, 2021

Uh oh!

dgrisonnet commented Dec 9, 2021

Uh oh!

dgrisonnet commented Dec 9, 2021

Uh oh!

dgrisonnet commented Dec 20, 2021

Uh oh!

dgrisonnet commented Dec 21, 2021

Uh oh!

dgrisonnet commented Dec 21, 2021

Uh oh!

dgrisonnet commented Dec 21, 2021

Uh oh!

dgrisonnet commented Dec 22, 2021

Uh oh!

dgrisonnet commented Jan 10, 2022

Uh oh!

openshift-ci bot commented Jan 10, 2022

Uh oh!

openshift-ci bot commented Jan 19, 2022

Uh oh!

dgrisonnet commented Jan 28, 2022

Uh oh!

openshift-ci bot commented Jan 28, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants