Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug 1771811: make certificate updates live upon update #1151

Merged
merged 3 commits into from Dec 2, 2019
Merged

bug 1771811: make certificate updates live upon update #1151

merged 3 commits into from Dec 2, 2019

Conversation

jpeeler
Copy link
Contributor

@jpeeler jpeeler commented Nov 23, 2019

Description of the change:
This modifies the metrics https configuration to dynamically update certificates if the backing secrets are updated.

Motivation for the change:
Certificate rotation is a necessary feature given that certificates eventually expire.

Reviewer Checklist

  • Implementation matches the proposed design, or proposal is updated to match implementation
  • Sufficient unit test coverage
  • Sufficient end-to-end test coverage
  • Docs updated or added to /docs
  • Commit messages sensible and descriptive

@jpeeler
chore(modules): add fsnotify
ef79cec
@jpeeler
feat(filemonitor): add new filemonitor package
0d6a4d4 
Watcher is a generic (also cross platform) file watching mechanism for
receiving file system events in real time. A simple API has been written
to watch a list of paths and to run a user defined callback for
processing of the events.

Using the above, a keystore has been made such that when a target
directory containing certificates are updated the contents are made
available via a callback. This callback is compatible with passing to an
http server tls config, which allows for zero downtime certificate
swapping.
@jpeeler
bug(metrics): serve metrics using new certs when replaced
9e38619
@openshift-ci-robot
Copy link
Collaborator

@jpeeler: This pull request references Bugzilla bug 1771811, which is invalid:

  • expected the bug to target the "4.4.0" release, but it targets "4.3.0" instead

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

bug 1771811: make certificate updates live upon update

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Nov 23, 2019
@openshift-ci-robot openshift-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Nov 23, 2019
@jpeeler
Copy link
Contributor Author

jpeeler commented Nov 23, 2019

/retest

2 similar comments
@jpeeler
Copy link
Contributor Author

jpeeler commented Nov 24, 2019

/retest

@jpeeler
Copy link
Contributor Author

jpeeler commented Nov 25, 2019

/retest

@jpeeler
Copy link
Contributor Author

jpeeler commented Nov 26, 2019

/test e2e-aws-console-olm

@ecordell
Copy link
Member

/retest

@ecordell
Copy link
Member

/bugzilla refresh

@openshift-ci-robot openshift-ci-robot added bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. and removed bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. labels Nov 27, 2019
@openshift-ci-robot
Copy link
Collaborator

@ecordell: This pull request references Bugzilla bug 1771811, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

/bugzilla refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ecordell
Copy link
Member

/lgtm

@openshift-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ecordell, jpeeler

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Nov 27, 2019
@jpeeler
Copy link
Contributor Author

jpeeler commented Dec 2, 2019

/retest

2 similar comments
@jpeeler
Copy link
Contributor Author

jpeeler commented Dec 2, 2019

/retest

@jpeeler
Copy link
Contributor Author

jpeeler commented Dec 2, 2019

/retest

@openshift-merge-robot openshift-merge-robot merged commit b549266 into operator-framework:master Dec 2, 2019
@openshift-ci-robot
Copy link
Collaborator

@jpeeler: All pull requests linked via external trackers have merged. Bugzilla bug 1771811 has been moved to the MODIFIED state.

In response to this:

bug 1771811: make certificate updates live upon update

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jpeeler
Copy link
Contributor Author

jpeeler commented Dec 3, 2019

/cherry-pick release-4.3

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Dec 3, 2019
Merged
@openshift-cherrypick-robot
Copy link

@jpeeler: new pull request created: #1165

In response to this:

/cherry-pick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ecordell ecordell Awaiting requested review from ecordell

@njhale njhale Awaiting requested review from njhale

Assignees

@ecordell ecordell

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jpeeler @openshift-ci-robot @ecordell @openshift-cherrypick-robot @openshift-merge-robot