Validating dataplane/controlplane TLS consistency #821
Conversation
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jpodivin The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
|
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/46cf76bba926464595a474d8202ce862 ❌ openstack-k8s-operators-content-provider FAILURE in 9m 03s |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/e662a0db9d064cb09ef911ca2460d49a ❌ openstack-k8s-operators-content-provider FAILURE in 10m 12s |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/f89773911d694365806687351a5fd6e1 ❌ openstack-k8s-operators-content-provider FAILURE in 9m 14s |
jpodivin
force-pushed
the
tlsplanes
branch
2 times, most recently
from
b343ddf to
b7eacad
Compare
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/523fdce00e0c4abea71540316df2dc10 ❌ openstack-k8s-operators-content-provider FAILURE in 8m 44s |
jpodivin
force-pushed
the
tlsplanes
branch
2 times, most recently
from
7a1f52d to
4055dc7
Compare
jpodivin
changed the title
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/28b5a62eecff4b2c8d904deb817f25b7 ❌ openstack-k8s-operators-content-provider FAILURE in 8m 57s |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/01a6ba7ae47e47a98f1f339c0fce60a4 ❌ openstack-k8s-operators-content-provider FAILURE in 9m 02s |
|
There seems to be an issue with openstack-operator dependency forcing downgrade in the lib-common dependency. |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/f87dc5332f7c48889c00e186ff1b378a ❌ openstack-k8s-operators-content-provider FAILURE in 8m 41s |
| if err == nil { | ||
| err = r.TLSMatch(controlPlane) | ||
| } | ||
|
|
There was a problem hiding this comment.
In the case where the control plane is not found, we should requeue and wait, right?
There was a problem hiding this comment.
Based on your comments in JIRA I though we want to ignore this case and continue uninterrupted?
If only one exists, use that one. If more than one exists, fail with message. If not control plane exists, do nothing.
There was a problem hiding this comment.
ah good point. I forgot about the no control plane case. @slagle - this is a legit case, right?
| } else if len(controlPlanes.Items) == 1 { | ||
| controlPlane = controlPlanes.Items[0] | ||
| err = r.TLSMatch(controlPlane) | ||
| } |
There was a problem hiding this comment.
Again, if there is no control plane , we should requeue and wait, right?
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/1879225db1af40288e2bfd9a31e4c77a ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 22m 26s |
|
/recheck multiple timeouts |
|
/recheck |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/9b4ca551f170495c81fafb60d5d2b503 ✔️ openstack-k8s-operators-content-provider SUCCESS in 45m 39s |
|
/hold |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/d2aa8a93a5024bb78c34186aab290d19 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 10m 58s |
jpodivin
force-pushed
the
tlsplanes
branch
2 times, most recently
from
ec726bc to
485c5fe
Compare
|
/retest goproxy issues. |
|
@jpodivin: The
The following commands are available to trigger optional jobs:
Use
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/retest |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/4b1f24865f914b89b2aa7904c8f79cb8 ✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 55m 30s |
|
/retest |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/5289264a1ff44c37b14a0b48c5fbf28b ✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 29m 42s |
jpodivin
force-pushed
the
tlsplanes
branch
5 times, most recently
from
9366612 to
3fee74c
Compare
|
@jpodivin: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Build failed (check pipeline). Post https://review.rdoproject.org/zuul/buildset/bbb38d717138435aa9cf6d7b7e605444 ✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 44m 19s |
…stency Verifies that TLS settings for nodeset are consistent with those of existing control plane, if there is one and only one. If there are multiple control planes the process will result in error, same if it isn't possible to retrieve list of control planes. Tests are included Signed-off-by: Jiri Podivin <[email protected]>
Webhook verifies that TLS settings for nodeset are consistent with those of existing control plane, if there is one.
adding dependency on openstack-operator
New field for nodeset specifying control plane name.