kube-apiserver-cert-syncer-kubeconfig: point to serving cert #905

@sttts sttts commented Jul 17, 2020

The service account gets the service-account CA that is valid at the point of creation. So if the localhost-recovery CA is not yet part of the kube-apiserver serving CA (which is the case during bootstrapping), this service-account won't work with the localhost-recovery endpoints.

The serving CA bundle though is always correct as it changes with time.

Fixes 2a44f96#r456357777

Partly reverts #663.
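
The trust mismatch described above, reproduced with throwaway certificates. This is an added example, not code from this PR or the operator; every CA name, subject and file name in it is constructed for illustration, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Constructed fixture: all names, subjects and files below are made up.
set -eu
WORK=$(mktemp -d)

# make_ca NAME: create a throwaway self-signed CA (NAME.key / NAME.crt).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# sign_leaf CA CN: issue a serving certificate for CN signed by CA.
sign_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -days 1 -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -out "$WORK/$2.crt" 2>/dev/null
}

# trusts BUNDLE CERT: succeeds only if CERT chains to a CA in BUNDLE.
trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_ca service-network-ca      # signer known when the service account was created
make_ca localhost-recovery-ca   # signer that joins the serving CA later
sign_leaf localhost-recovery-ca localhost-recovery

# Snapshot: the CA data as it was at service-account creation time.
cp "$WORK/service-network-ca.crt" "$WORK/sa-ca-snapshot.crt"
# Serving CA bundle: updated over time, so it contains every current signer.
cat "$WORK/service-network-ca.crt" "$WORK/localhost-recovery-ca.crt" \
  > "$WORK/serving-ca-bundle.crt"

# A client pinned to the snapshot rejects the recovery endpoint's cert;
# a client pointed at the serving bundle accepts it.
for bundle in sa-ca-snapshot serving-ca-bundle; do
  if trusts "$WORK/$bundle.crt" "$WORK/localhost-recovery.crt"; then
    echo "$bundle: serving cert verifies"
  else
    echo "$bundle: serving cert REJECTED (unknown issuer)"
  fi
done
```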

@openshift-ci-robot added the approved label (Indicates a PR has been approved by an approver from all required OWNERS files.) Jul 17, 2020

sttts commented Jul 17, 2020

Flake.

/retest

@soltysh soltysh left a comment

@tnozicka fyi, you need to check this on Monday, for now we want to unblock the work switching from origin to o/k repo
/lgtm

@openshift-ci-robot added the lgtm label (Indicates that a PR is ready to be merged.) Jul 17, 2020

@openshift-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: soltysh, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sttts commented Jul 17, 2020

/hold

@p0lyn0mial noticed something that might be the root cause. Though my theory here stands.

@openshift-ci-robot added the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command.) Jul 17, 2020

sttts commented Jul 17, 2020

/hold cancel

Seems to be different.

@openshift-ci-robot removed the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command.) Jul 17, 2020

soltysh commented Jul 17, 2020

Unrelated failure, and we'd like to see if this unblocks us
/override ci/prow/e2e-aws-serial

@openshift-ci-robot

@soltysh: soltysh unauthorized: /override is restricted to Repo administrators, approvers in top level OWNERS file.

In response to this:

Unrelated failure, and we'd like to see if this unblocks us
/override ci/prow/e2e-aws-serial

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

sttts commented Jul 17, 2020

/override ci/prow/e2e-aws-serial

@openshift-ci-robot

@sttts: Overrode contexts on behalf of sttts: ci/prow/e2e-aws-serial

In response to this:

/override ci/prow/e2e-aws-serial

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot merged commit 4d8ef97 into openshift:master Jul 17, 2020