-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cert rotation for e2e chart #145
Cert rotation for e2e chart #145
Conversation
ba0310c
to
2dd1e8a
Compare
/assign @marosset @aravindhp @ycheng-kareo |
@jsturtevant: GitHub didn't allow me to assign the following users: ycheng-kareo. Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
55b69e4
to
b301883
Compare
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
b301883
to
0ab2972
Compare
/cc @ycheng-kareo |
@jsturtevant: GitHub didn't allow me to request PR reviews from the following users: ycheng-kareo. Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
thanks @jsturtevant! very helpful to see the code changes you made |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jsturtevant, marosset The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Follow up to #141 to add e2e tests
closes #135
This adds e2e tests for cert rotation using Cert-manager. The general process is the same when using the manual process but I an not going to add those since this tests the functionally of the rotation in the webhook which will be the same no matter how the cert is created/rotated.
This does add root-ca for cert-manager deployment, so that intermediate certs can be signed and issued, while the old one can still be validated. In a real deployment it would be be advised to use a CA issuer for you PKI infrastructure but this enables us to boot strap it here.
Read more about this here https://cert-manager.io/docs/configuration/selfsigned/ and here https://cert-manager.io/docs/usage/certificate/#issuance-behavior-rotation-of-the-private-key