New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Builds - Mount trusted CA for cluster proxies #12
Conversation
/test e2e-aws-builds |
but PTAL @adambkaplan @bparees even with WIP label |
hmmm .... can we not run e2e-aws-builds out of OCM ? |
I'll be submitting a openshift/release PR to fix that @adambkaplan @bparees |
e2e-aws errors were oauth/router flakes /test e2e-aws |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gabemontero a few things came out of the arch call this AM:
- We should mount to
/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
- We will always want to mount this since the new controller will be injecting the trust CA for the entire cluster, not just the proxy. Per @smarterclayton setting up the cluster CA may become an orthogonal configuration to proxies, as some customers want firm control over which CAs they trust.
/cc @bparees
@adambkaplan I pushed some responses to your initial comments in a new commit I deferred for now on the "always create the config map" point since it seemed like you were waiting for confirmation from @bparees |
OK @adambkaplan @bparees always created the CA relevant code snippets commented out pending arrival of injector controller squashed commits renamed I have the one question on potential additional scaffolding that could be done based whether injection key names are known. PTAL |
and the e2e-aws-builds jobs is getting triggered now |
/approve I'd like to see e2e-aws-builds succeed before staging this |
e2e-aws-build passed |
/hold temporarily until I get some of the inject key reference prototype in the commented out section |
ok placeholder added in commented out section /hold cancel |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
terraform flake on e2e-aws /test e2e-aws |
/hold they renamed the annotation per @adambkaplan |
/hold cancel annotation updated @adambkaplan please re-lgtm |
auth / mem related flakes e2e-aws-builds /test e2e-aws-builds |
/test e2e-aws-builds @adambkaplan please re-post the lgtm thx |
e2e-aws-build avoided flakes ... this is ripe for the re posting the lgtm @adambkaplan |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adambkaplan, gabemontero The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tolerate any taint
@openshift/openshift-team-developer-experience fyi
/assign @adambkaplan
/assign @bparees