Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dummy ca-bundle.crt for non-OpenShift #2007

Merged
merged 1 commit into from
May 9, 2023
Merged

Dummy ca-bundle.crt for non-OpenShift #2007

merged 1 commit into from
May 9, 2023

Conversation

2uasimojo
Copy link
Member

@2uasimojo 2uasimojo commented May 8, 2023
edited by openshift-ci bot

If we're not running on OpenShift, the magic label doesn't cause OpenShift to populate the merged CA bundle ConfigMap. This would cause the ConfigMap mount to fail, and provisions wouldn't start. This commit defaults that key to empty so the file will always exist and the mount will work. (Note that update-ca-trust properly ignores an empty file.)

HIVE-2210

@2uasimojo
Dummy ca-bundle.crt for non-OpenShift
8b9fdba 
If we're not running on OpenShift, the magic label doesn't cause
OpenShift to populate the merged CA bundle ConfigMap. This would cause
the ConfigMap mount to fail, and provisions wouldn't start. This commit
defaults that key to empty so the file will always exist and the mount
will work. (Note that `update-ca-trust` properly ignores an empty file.)

HIVE-2210
@2uasimojo
Copy link
Member Author

/assign @abutcher

@openshift-ci openshift-ci bot requested review from jstuever and lleshchi May 8, 2023 21:42
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 8, 2023
@2uasimojo 2uasimojo mentioned this pull request May 8, 2023
Merged
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 8, 2023

@2uasimojo: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@codecov
Copy link

codecov bot commented May 8, 2023
edited

Codecov Report

Merging #2007 (8b9fdba) into master (7735bf3) will decrease coverage by 0.01%.
The diff coverage is 44.44%.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #2007      +/-   ##
==========================================
- Coverage   57.99%   57.99%   -0.01%     
==========================================
  Files         186      186              
  Lines       25361    25368       +7     
==========================================
+ Hits        14709    14711       +2     
- Misses       9412     9415       +3     
- Partials     1240     1242       +2
Impacted Files Coverage Δ
pkg/constants/constants.go 100.00% <ø> (ø)
.../clusterdeployment/clusterdeployment_controller.go 63.71% <28.57%> (-0.16%) ⬇️
pkg/install/generate.go 44.40% <100.00%> (ø)

@abutcher
Copy link
Member

abutcher commented May 9, 2023
edited

Tested image quay.io/2uasimojo/hive:2210-dummy-cabundle on a kind cluster and was able to create and destroy a cluster.

➜  hive (master) ✔ kubectl version --short
Flag --short has been deprecated, and will be removed in the future. The --short output will become the default.
Client Version: v1.24.1
Kustomize Version: v4.5.4
Server Version: v1.24.0

➜  hive (master) ✔ oc get cd
NAME           INFRAID              PLATFORM   REGION      VERSION   CLUSTERTYPE   PROVISIONSTATUS   POWERSTATE   AGE
abutchertest   abutchertest-6fzcf   aws        us-east-1   4.13.0                  Provisioned       Running      35m

I ran into issues due to kind running kube v1.24+ since ServiceAccount token secrets are not automatically created . I worked around that by creating the necessary secrets but that's a separate issue we should resolve in make deploy.

For example,

apiVersion: v1
kind: Secret
metadata:
  name: hiveadmission-sa-token
  namespace: hive
  annotations:
    kubernetes.io/service-account.name: "hiveadmission"
type: kubernetes.io/service-account-token

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 9, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented May 9, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: 2uasimojo, abutcher

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit b703a6e into openshift:master May 9, 2023
7 checks passed
@2uasimojo 2uasimojo deleted the HIVE-2210/ghost-cabundle branch May 9, 2023 13:55
@2uasimojo
Copy link
Member Author

We've now got https://issues.redhat.com/browse/HIVE-2219 to address those missing secrets.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jstuever jstuever Awaiting requested review from jstuever

@lleshchi lleshchi Awaiting requested review from lleshchi

Assignees

@abutcher abutcher

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@2uasimojo @abutcher @openshift-merge-robot