New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-4.7] Bug 1932649: Canary: Add edge termination to canary route #558
[release-4.7] Bug 1932649: Canary: Add edge termination to canary route #558
Conversation
This commit adds edge termination to the canary route. If you use an external loadbalancer that redirects all http traffic to https (us in our case) this route will not serve its purpose and the openshift-ingress-operator will be degraded during an upgrade. Setting it to 'edge' termination should always work.
@sgreene570: This pull request references Bugzilla bug 1932649, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
34a2e0f
to
485f7e0
Compare
Forgot to update the canary e2e test earlier. Should be fixed by 485f7e0. |
/lgtm |
Commit c98416 switched the canary route from a cleartext route to an edge terminated route. In order for canary probes to succeed, the canary client needs to skip TLS verification, since the router's default certificate may be a self-signed certificate. This change is temporary, since ideally the router's default certificate (or a new certificate for the canary route) would be added to the canary client's trust bundle.
485f7e0
to
8a2f2f7
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: knobunc, Miciah, sgreene570 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/bugzilla refresh Recalculating validity in case the underlying Bugzilla bug has changed. |
@openshift-bot: This pull request references Bugzilla bug 1932649, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest |
/bugzilla refresh |
@sgreene570: This pull request references Bugzilla bug 1932649, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@knobunc: This pull request references Bugzilla bug 1932649, which is valid. 6 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest Please review the full test history for this PR and help us cut down flakes. |
/bugzilla cc-qa |
@lihongan: This pull request references Bugzilla bug 1932649, which is valid. 6 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest Please review the full test history for this PR and help us cut down flakes. |
4 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest |
/retest Please review the full test history for this PR and help us cut down flakes. |
@sgreene570: All pull requests linked via external trackers have merged: Bugzilla bug 1932649 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is the manual expedited 4.7 cherry pick of #556
Add edge termination to canary route (credit to @jomeier)
This commit adds edge termination to the canary route. If you use an external loadbalancer that redirects all http traffic to https (us in our case) this route will not serve its purpose and the openshift-ingress-operator will be degraded during an upgrade.
Setting it to 'edge' termination should always work.
Call: 'make generate'.
Canary: Skip TLS verification in canary HTTP client
Commit
c98416
switched the canary route from a cleartext route to an edge terminated route. In order for canary probes to succeed, the canary client needs to skip TLS verification, since the router's default certificate may be a self-signed certificate. This change is temporary, since ideally the router's default certificate (or a new certificate for the canary route) would be added to the canary client's trust bundle.