New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[tls] Improve the TLS kuttl scenarios #797

Merged

openshift-merge-bot merged 1 commit into openstack-k8s-operators:main from Deydra71:tls-kuttl

Jul 18, 2024

Contributor

Deydra71 commented May 14, 2024 •

edited

Loading

Test scenarios:

Custom Issuer
- Deploy with the default internal issuer, then switch to a custom internal issuer (and vice versa),
- Deploy with the default ingress issuer, then switch to a custom ingress issuer (and vice versa),
Service Certificate Rotation
- After deployment, certificate secrets are deleted, triggering service restarts. The test checks whether new secrets are mounted in service pods and if route configurations use these new secrets.
Custom CA cert added to a bundle
Customize cert and CA cert duration parameters

Test scenarios to be added:
~~CA cert rotation~~

Deydra71 added the do-not-merge/hold label

openshift-ci bot requested review from lewisdenny and viroel

May 14, 2024 07:29

Deydra71 added the do-not-merge/work-in-progress label

Deydra71 requested review from olliewalsh, stuggi and vakwetu and removed request for lewisdenny and viroel

May 14, 2024 07:29

openshift-ci bot removed the do-not-merge/work-in-progress label

Deydra71 added a commit to Deydra71/dev-docs that referenced this pull request


          [tls] Add kuttl scenarios description

a8eb348

Depends-On: openstack-k8s-operators/openstack-operator/pull/797
Signed-off-by: Veronika Fisarova <[email protected]>

Deydra71 mentioned this pull request

[tls] Add kuttl scenarios description openstack-k8s-operators/dev-docs#110

Merged

Deydra71 force-pushed the tls-kuttl branch from c09aefb to 0cd1933 Compare

May 14, 2024 07:53

Contributor Author

Deydra71 commented May 14, 2024 •

edited

Loading

The kuttl test may be failing because Swift remains in a NotReady condition, even though all pods have been successfully restarted with new secrets. In the local testing environment, simply deleting the Swift pods was enough to trigger a change to the ready condition. This issue has already been discussed with @stuggi, and it is on the todo list after the freeze.

Deydra71 force-pushed the tls-kuttl branch 3 times, most recently from 513f02d to df39c98 Compare

May 16, 2024 07:34

Contributor Author

Deydra71 commented May 16, 2024 •

edited

Loading

The scripts are now using cert-manager label controller.cert-manager.io/fao=true to delete service and route secrets. The core.openstack.org/openstackcontrolplane label is now used to query the ctlplane without specifying the object name.

Deydra71 force-pushed the tls-kuttl branch from df39c98 to 2bd7dfd Compare

May 16, 2024 10:35

Deydra71 force-pushed the tls-kuttl branch from 2bd7dfd to c0ec3a7 Compare

May 29, 2024 06:33

Deydra71 added a commit to Deydra71/dev-docs that referenced this pull request


          [tls] Add kuttl scenarios description

043e9db

Depends-On: openstack-k8s-operators/openstack-operator/pull/797
Signed-off-by: Veronika Fisarova <[email protected]>

Deydra71 added a commit to Deydra71/dev-docs that referenced this pull request


          [tls] Add kuttl scenarios description

faff427

...and enhancements/corrections.

Depends-On: openstack-k8s-operators/openstack-operator/pull/797
Signed-off-by: Veronika Fisarova <[email protected]>

Deydra71 force-pushed the tls-kuttl branch from c0ec3a7 to e10c2c7 Compare

May 31, 2024 06:17

softwarefactory-project-zuul bot commented May 31, 2024

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/71d6563eb9f5403fa274c9b23ab38fee

✔️ openstack-k8s-operators-content-provider SUCCESS in 2h 08m 34s
❌ podified-multinode-edpm-deployment-crc FAILURE in 1h 10m 27s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 26m 45s
❌ openstack-operator-tempest-multinode POST_FAILURE in 1h 50m 42s

Contributor Author

Deydra71 commented May 31, 2024

recheck

stuggi mentioned this pull request

[DNM] Tls kuttl #804

Closed

Deydra71 force-pushed the tls-kuttl branch from e10c2c7 to d6c1e8d Compare

June 6, 2024 07:26

Deydra71 added a commit to Deydra71/dev-docs that referenced this pull request


          [tls] Add kuttl scenarios description

8c4d32d

...and enhancements/corrections.

Depends-On: openstack-k8s-operators/openstack-operator/pull/797
Signed-off-by: Veronika Fisarova <[email protected]>

Deydra71 force-pushed the tls-kuttl branch 2 times, most recently from 7419365 to ce03d30 Compare

June 6, 2024 13:55

Contributor

stuggi commented Jul 12, 2024

/test openstack-operator-build-deploy-kuttl

1 similar comment

Contributor

stuggi commented Jul 12, 2024

/test openstack-operator-build-deploy-kuttl

Deydra71 force-pushed the tls-kuttl branch from f90fbdb to 5add72f Compare

July 12, 2024 16:53

Contributor Author

Deydra71 commented Jul 14, 2024

/test openstack-operator-build-deploy-kuttl

1 similar comment

Contributor Author

Deydra71 commented Jul 15, 2024

/test openstack-operator-build-deploy-kuttl

Deydra71 force-pushed the tls-kuttl branch from 5add72f to 48b094e Compare

July 15, 2024 08:49

Contributor Author

Deydra71 commented Jul 15, 2024

/test openstack-operator-build-deploy-kuttl

3 similar comments

Contributor

stuggi commented Jul 15, 2024

/test openstack-operator-build-deploy-kuttl

Contributor

stuggi commented Jul 15, 2024

/test openstack-operator-build-deploy-kuttl

Contributor

stuggi commented Jul 16, 2024

/test openstack-operator-build-deploy-kuttl

Deydra71 force-pushed the tls-kuttl branch from 48b094e to dfc30ae Compare

July 16, 2024 07:12

Contributor Author

Deydra71 commented Jul 16, 2024

/test openstack-operator-build-deploy-kuttl

2 similar comments

Contributor

stuggi commented Jul 16, 2024

/test openstack-operator-build-deploy-kuttl

Contributor

stuggi commented Jul 16, 2024

/test openstack-operator-build-deploy-kuttl

Deydra71 force-pushed the tls-kuttl branch from dfc30ae to dce8ba1 Compare

July 17, 2024 05:42


          [tls] Improve the TLS kuttl scenarios

78f6fbb

Signed-off-by: Veronika Fisarova <[email protected]>

Deydra71 force-pushed the tls-kuttl branch from dce8ba1 to 78f6fbb Compare

July 17, 2024 05:56

Contributor Author

Deydra71 commented Jul 17, 2024

/test openstack-operator-build-deploy-kuttl

5 similar comments

Contributor Author

Deydra71 commented Jul 17, 2024

/test openstack-operator-build-deploy-kuttl

Contributor Author

Deydra71 commented Jul 17, 2024

/test openstack-operator-build-deploy-kuttl

Contributor Author

Deydra71 commented Jul 17, 2024

/test openstack-operator-build-deploy-kuttl

Contributor

stuggi commented Jul 18, 2024

/test openstack-operator-build-deploy-kuttl

Contributor

stuggi commented Jul 18, 2024

/test openstack-operator-build-deploy-kuttl

olliewalsh reviewed

View reviewed changes

tests/kuttl/common/osp_check_cert_issuer.sh

+                      host_port=$(echo "$endpoint_url" | sed -E 's|^[^:/]+://([^:/]+).*|\1|')
+                  else
+                      # Extract the hostname and port for internal endpoints, keeping the port if specified
+                      host_port=$(echo "$endpoint_url" | sed -E 's|^[^:/]+://([^:/]+(:[0-9]+)?).*|\1|')

Contributor

olliewalsh Jul 18, 2024

nit: could just use this for both endpoint types

stuggi approved these changes

View reviewed changes

Contributor

stuggi left a comment

/lgtm

stuggi added approved lgtm labels

Contributor

openshift-ci bot commented Jul 18, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Deydra71, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [stuggi]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-merge-bot bot merged commit df26588 into openstack-k8s-operators:main

8 checks passed

Deydra71 added a commit to Deydra71/dev-docs that referenced this pull request


          [tls] Add kuttl scenarios description

4ab755a

...and enhancements/corrections.

Depends-On: openstack-k8s-operators/openstack-operator/pull/797
Signed-off-by: Veronika Fisarova <[email protected]>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels