Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(*) allow ca.crt to be in separate k8s secret #3638

Merged
merged 7 commits into from
Jan 10, 2022
Merged

feat(*) allow ca.crt to be in separate k8s secret #3638

merged 7 commits into from
Jan 10, 2022

Conversation

bartsmykla
Copy link
Contributor

Summary

This feature adds option to provide ca.crt in separate k8s secret
than tls.key/tls.crt, which allows to provide CA and certificates
using for example cert-manager

  • two small stylistic changes in helm chart's values.yaml file
    suggested by my IDE

Full changelog

No changelog

Issues resolved

Closes #3015

Documentation

Testing

  • Unit tests
  • E2E tests
  • Manual testing on Universal
  • Manual testing on Kubernetes

Backwards compatibility

  • Update UPGRADE.md with any steps users will need to take
    when upgrading.
  • Add backport-to-stable label if the code is backwards compatible. Otherwise, list breaking changes.

@bartsmykla bartsmykla requested a review from a team as a code owner January 4, 2022 08:47
@bartsmykla
feat(*): allow ca.crt to be in separate k8s secret
7e335bf 
This feature adds option to provide ca.crt in separate k8s secret
than tls.key/tls.crt, which allows to provide CA and certificates
using for example cert-manager

+ two small stylistic changes in helm chart's values.yaml file
  suggested by my IDE

Signed-off-by: Bart Smykla <bartek@smykla.com>
@bartsmykla bartsmykla force-pushed the feat/separate-secrets-for-ca-crt branch from 73a9160 to 7e335bf Compare January 4, 2022 08:47
lahabana
lahabana reviewed Jan 4, 2022
View reviewed changes
Copy link
Contributor

@lahabana lahabana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still have a test without: "--tls-general-ca-secret" ?

deployments/charts/kuma/README.md Outdated Show resolved Hide resolved
@bartsmykla
Copy link
Contributor Author

Do we still have a test without: "--tls-general-ca-secret" ?

Now we do (I moved the flag to different test case)

@codecov-commenter
Copy link

Codecov Report

Merging #3638 (4681fa9) into master (292c262) will decrease coverage by 0.01%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #3638      +/-   ##
==========================================
- Coverage   50.94%   50.92%   -0.02%     
==========================================
  Files         928      928              
  Lines       56414    56415       +1     
==========================================
- Hits        28740    28732       -8     
- Misses      25395    25398       +3     
- Partials     2279     2285       +6
Impacted Files Coverage Δ
...d/install/context/install_control_plane_context.go 100.00% <ø> (ø)
app/kumactl/cmd/install/install_control_plane.go 74.31% <100.00%> (+0.23%) ⬆️
pkg/test/grpc/clientstream.go 84.00% <0.00%> (-8.00%) ⬇️
pkg/kds/client/sink.go 54.05% <0.00%> (-5.41%) ⬇️
pkg/plugins/runtime/gateway/route/sorter.go 61.53% <0.00%> (-5.13%) ⬇️
pkg/mads/v1/client/client.go 41.25% <0.00%> (-2.50%) ⬇️
pkg/dns/vips_allocator.go 72.34% <0.00%> (-1.42%) ⬇️
api/observability/v1/mads.pb.go 34.53% <0.00%> (-1.04%) ⬇️
pkg/core/resources/model/rest/resource.go 69.23% <0.00%> (+1.28%) ⬆️
pkg/core/resources/manager/cache.go 85.71% <0.00%> (+2.59%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 292c262...4681fa9. Read the comment docs.

@bartsmykla bartsmykla enabled auto-merge (squash) January 10, 2022 09:11
@bartsmykla bartsmykla disabled auto-merge January 10, 2022 09:12
jakubdyszkiewicz
jakubdyszkiewicz approved these changes Jan 10, 2022
View reviewed changes
deployments/charts/kuma/values.yaml Outdated Show resolved Hide resolved
@bartsmykla bartsmykla enabled auto-merge (squash) January 10, 2022 09:53
@bartsmykla bartsmykla disabled auto-merge January 10, 2022 10:31
@bartsmykla bartsmykla merged commit 62ea035 into master Jan 10, 2022
@bartsmykla bartsmykla deleted the feat/separate-secrets-for-ca-crt branch January 10, 2022 10:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@michaelbeaumont michaelbeaumont michaelbeaumont left review comments

@jakubdyszkiewicz jakubdyszkiewicz jakubdyszkiewicz approved these changes

@lahabana lahabana Awaiting requested review from lahabana

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Allow providing control plane certs & ca in separate secrets
5 participants
@bartsmykla @codecov-commenter @lahabana @michaelbeaumont @jakubdyszkiewicz