Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure certgen handles already-existing secrets correctly #2178

Merged
merged 1 commit into from
Jan 30, 2020
Merged

Ensure certgen handles already-existing secrets correctly #2178

merged 1 commit into from
Jan 30, 2020

Conversation

youngnick
Copy link
Member

Fixes #2150 by ensuring that the contour certgen Job will succeed if the secrets already exist.

Signed-off-by: Nick Young [email protected]

@youngnick youngnick added this to the 1.2.0 milestone Jan 30, 2020
jpeach
jpeach approved these changes Jan 30, 2020
View reviewed changes
Copy link
Contributor

@jpeach jpeach left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

internal/certgen/certgen.go
@@ -103,6 +104,10 @@ func writeCACertKube(client *kubernetes.Clientset, namespace string, cert []byte
secret := newCertOnlySecret("cacert", namespace, "cacert.pem", cert)
_, err := client.CoreV1().Secrets(namespace).Create(secret)
if err != nil {
if k8serrors.IsAlreadyExists(err) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: would this style be more canonical?

if _, err := client.CoreV1().Secrets(namespace).Create(secret); if err != nil {
        ...
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't hurt. I'll change it.

@jpeach
Copy link
Contributor

jpeach commented Jan 30, 2020

@youngnick Is there a place to document this?

@youngnick
Copy link
Member Author

It's what we always said the behaviour was, and the inspiration behind having certgen being a Job in the first place. I've obviously missed a big test case when doing this originally, 🤦‍♂.

I guess my answer is, "I'm not sure".

@jpeach
Copy link
Contributor

jpeach commented Jan 30, 2020 via email

@youngnick
Copy link
Member Author

#2183 created. I'll merge this now and work on that.

@youngnick youngnick merged commit 02ed8c5 into projectcontour:master Jan 30, 2020
@ryanelian
Copy link

Does certgen recreates existing certificates if expired?

@jpeach
Copy link
Contributor

jpeach commented Jan 31, 2020 via email

@stevesloka stevesloka added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Feb 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpeach jpeach jpeach approved these changes

@davecheney davecheney Awaiting requested review from davecheney

@stevesloka stevesloka Awaiting requested review from stevesloka

Assignees
No one assigned
Labels
release-note Denotes a PR that will be considered when it comes time to generate release notes.
Projects
None yet
Milestone
1.2.0
Development

Successfully merging this pull request may close these issues.

Failed to Apply contour-certgen Job Manifest!
4 participants
@youngnick @jpeach @ryanelian @stevesloka