Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #3261

Merged
merged 1 commit into from Mar 10, 2020
Merged

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #3261

merged 1 commit into from Mar 10, 2020

Conversation

rgolangh
Copy link
Contributor

@rgolangh rgolangh commented Mar 9, 2020
edited

Some components of the cluster are interacting with oVirt API but don't
have way to verify it's certificate.

To support that the installer will ask for the CA bundle, and it
will be kept inside ovirt-credentials secret.

Once in ovirt-credentials secret it should be mounted into a container's
/etc/ssl/certs path. This way every https client will have the CA cert in
the trusted pool.

Related: openshift/cloud-credential-operator#164

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Mar 9, 2020
@openshift-ci-robot
Copy link
Contributor

@rgolangh: This pull request references Bugzilla bug 1794313, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "4.4.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 9, 2020
@openshift-ci-robot
Copy link
Contributor

@rgolangh: This pull request references Bugzilla bug 1794313, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "4.4.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

1 similar comment
@openshift-ci-robot
Copy link
Contributor

@rgolangh: This pull request references Bugzilla bug 1794313, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "4.4.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rgolangh rgolangh mentioned this pull request Mar 9, 2020
Merged
@openshift-ci-robot
Copy link
Contributor

@rgolangh: This pull request references Bugzilla bug 1794313, which is invalid:

  • expected the bug to target the "4.5.0" release, but it targets "4.4.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@rgolangh
Copy link
Contributor Author

rgolangh commented Mar 9, 2020

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Mar 9, 2020
@openshift-ci-robot
Copy link
Contributor

@rgolangh: This pull request references Bugzilla bug 1794313, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target release (4.5.0) matches configured target release for branch (4.5.0)
  • bug is in the state NEW, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Mar 9, 2020
@rgolangh
ovirt: Ask for the CA pem content ovirt API
31f4aa8 
Some components of the cluster are interacting with oVirt API but don't
have way to verify it's certificate.

To support that the installer will ask for the CA bundle, and it
will be kept inside ovirt-credentials secret.

Once in ovirt-credentials secret it should be mounted into a container's
/etc/ssl/certs path. This way every https client will have the CA cert in
the trusted pool.

Signed-off-by: Roy Golan <rgolan@redhat.com>
@sdodson
Copy link
Member

sdodson commented Mar 10, 2020

/approve

@openshift-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sdodson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2020
@jcpowermac
Copy link
Contributor

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Mar 10, 2020
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

2 similar comments
@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@openshift-bot
Copy link
Contributor

/retest

Please review the full test history for this PR and help us cut down flakes.

@sdodson
Copy link
Member

sdodson commented Mar 10, 2020

/override ci/prow/e2e-aws

@openshift-ci-robot
Copy link
Contributor

@sdodson: Overrode contexts on behalf of sdodson: ci/prow/e2e-aws

In response to this:

/override ci/prow/e2e-aws

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-merge-robot openshift-merge-robot merged commit 4d880b7 into openshift:master Mar 10, 2020
@sdodson
Copy link
Member

sdodson commented Mar 10, 2020

/cherrypick release-4.4

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Mar 10, 2020
Merged
@openshift-cherrypick-robot
Copy link

@sdodson: new pull request created: #3267

In response to this:

/cherrypick release-4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot
Copy link
Contributor

@rgolangh: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-libvirt 31f4aa8 link /test e2e-libvirt
ci/prow/e2e-ovirt 31f4aa8 link /test e2e-ovirt

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabianofranz fabianofranz Awaiting requested review from fabianofranz

@jcpowermac jcpowermac Awaiting requested review from jcpowermac

Assignees

@jcpowermac jcpowermac

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@rgolangh @openshift-ci-robot @sdodson @jcpowermac @openshift-bot @openshift-cherrypick-robot @openshift-merge-robot