[release-4.14] WINC-688: Support removing proxy certs from Windows nodes #1903
With this commit, WICD controller reacts to changes in the trusted CA bundle that involve a certificate removal. Certificates that are removed from the trusted CA bundle are in turn removed from each Windows node's local trust store and each node rebooted. With this, no outgoing traffic from the node will try to use removed certificates (unless re-added to the trust bundle later). This is also the case when nodes are deconfigured -- all certificates imported to the node by the operator are removed by WICD cleanup. This could be during upgrade or when BYOH instances are decommissioned from the cluster. Also, this commit allows WICD controller to generate a warning event informing the user of potentially stale certificates left on their Windows nodes in the case that the file containing all certs imported by the operator is corrupted.
This commit tests that proxy certificates are removed from Windows instances' local trust stores when cluster-wide proxy config changes/is removed and when BYOH nodes are removed from the cluster.
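One way to work out which certificates to remove, as an added example (not code from this PR or from the operator). It assumes the record of imported certificates and the trusted CA bundle are both PEM files and identifies each certificate by the SHA-256 of its DER bytes; `fingerprints`, `staleCerts` and `fakeCert` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/pem"
	"fmt"
)

// fingerprints returns the hex SHA-256 of each CERTIFICATE block's DER bytes; clean
// is false when leftover bytes hold no decodable PEM block (e.g. a truncated file).
func fingerprints(data []byte) (fps map[string]bool, clean bool) {
	fps = map[string]bool{}
	for rest := data; len(bytes.TrimSpace(rest)) > 0; {
		var blk *pem.Block
		if blk, rest = pem.Decode(rest); blk == nil {
			return fps, false
		}
		if blk.Type == "CERTIFICATE" {
			fps[fmt.Sprintf("%x", sha256.Sum256(blk.Bytes))] = true
		}
	}
	return fps, true
}

// staleCerts lists recorded imports absent from the current trusted CA bundle (order
// unspecified). A corrupt record is an error, so the caller can warn instead of guessing.
func staleCerts(record, bundle []byte) ([]string, error) {
	imported, clean := fingerprints(record)
	if !clean {
		return nil, fmt.Errorf("imported-cert record is corrupted; stale certs may remain")
	}
	trusted, _ := fingerprints(bundle)
	var stale []string
	for fp := range imported {
		if !trusted[fp] {
			stale = append(stale, fp)
		}
	}
	return stale, nil
}

// fakeCert wraps placeholder bytes in a CERTIFICATE block (constructed sample input).
func fakeCert(der string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: []byte(der)})
}

func main() {
	fmt.Println(staleCerts(append(fakeCert("proxy-ca-A"), fakeCert("proxy-ca-B")...), fakeCert("proxy-ca-A")))
}
```

The error path matters as much as the diff: when the record cannot be read in full, the set of certificates to remove is unknown, which is the case the description covers with a warning event.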
@openshift-cherrypick-robot: An error was encountered cloning bug for cherrypick for bug WINC-688 on the Jira server at https://issues.redhat.com/. No known errors were detected, please see the full error message for details. Full error message.
request failed. Please analyze the request body for more details. Status code: 400: {"errorMessages":["Number value expected as the Sprint id."],"errors":{"customfield_12318341":"Operation value must be a string"}}
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
/approve
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: openshift-cherrypick-robot, sebsoto
/lgtm
/test platform-none-vsphere-e2e-operator
retesting, cluster install failure
/retest-required
/retest-required
/retest-required
/retest-required
/refresh
/retest-required
/hold
Revision 5c0870b was retested 3 times: holding
/retest-required
@openshift-cherrypick-robot: all tests passed!
/hold cancel
All tests passed.
This is an automated cherry-pick of #1834
/assign saifshaikh48