Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e: refactor TLS helpers #327

Open
wants to merge 2 commits into
base: sig-auth-acceptance
Choose a base branch
from
Open

e2e: refactor TLS helpers #327

wants to merge 2 commits into from
+58 −101

Conversation

stlaz
Copy link
Collaborator

@stlaz stlaz commented Nov 26, 2024

  • simplification of the current certgen code
  • better separation of leaf and CA certs in kube CMs/Secrets

@stlaz
e2e: tls - simplify certgen conde
6705e6e 
Unify cert template generation. SKID and AKID should be properly
computed by Golang, no need to add them explicitly - unless we need
explicit SKID but that's not the case in our tests.
@stlaz
e2e: rewire certs in CMs/Secrets
1414787 
The previous design was mixing CA and leaf certificates, making it
easy to confuse them at place of use. Have all the leaf cryptomaterial
in a secret, and the trust in the CM to avoid those issues.
@stlaz stlaz mentioned this pull request Nov 26, 2024
Open
@stlaz stlaz added the sig-auth-acceptance issues created during review for sig-auth-acceptance label Nov 26, 2024
alegacy
alegacy reviewed Nov 26, 2024
View reviewed changes
test/kubetest/kubernetes.go
_, err = client.CoreV1().Secrets(ctx.Namespace).Create(context.TODO(), &corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
},
Data: map[string][]byte{
"tls.crt": pem.EncodeToMemory(&pem.Block{
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

alegacy
alegacy approved these changes Nov 26, 2024
View reviewed changes
Copy link

@alegacy alegacy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

...thought maybe there was an issue since the tests failed, but ran them on my system and they were fine.

@stlaz
Copy link
Collaborator Author

stlaz commented Nov 27, 2024

The test failed on KRP logging
I1126 13:37:03.550424 1 log.go:245] http: proxy error: dial tcp 10.96.218.31:8443: i/o timeout
That might be transient. The tests seemed to pass on my machine, too 👀

@stlaz stlaz self-assigned this Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alegacy alegacy alegacy approved these changes

Assignees

@stlaz stlaz

Labels
sig-auth-acceptance issues created during review for sig-auth-acceptance
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@stlaz @alegacy