Bug 1905119: support custom CA bundle for AWS API #103
Conversation
staebler
changed the title
openshift-ci-robot
added
the
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: staebler The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
This is my attempt at using replacement strings for the deployment asset that will look for the kube-cloud-config ConfigMap as the operator runs rather than just at initialization. |
staebler
force-pushed
the
aws-c2s-extra-replaces
branch
2 times, most recently
from
718358c to
d5ac38b
Compare
staebler
changed the title
openshift-ci-robot
added
bugzilla/severity-medium
|
@staebler: This pull request references Bugzilla bug 1905119, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
bugzilla/valid-bug
|
@staebler: This pull request references Bugzilla bug 1905119, which is valid. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
staebler
changed the title
|
This PR needs openshift/library-go#965 to merge first as it is currently using a fork of library-go with those changes. /hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@staebler: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Thanks for following up with this @staebler! I think this patch addresses the concerns we had related to the operator startup and templating.
Let's wait for the library-go patch to get in so we can continue here.
Edit: There seems to be some panic going on:
pods/openshift-cluster-csi-drivers_aws-ebs-csi-driver-operator-6b86c8c97-dzltt_aws-ebs-csi-driver-operator.log.gz:E1207 15:34:43.495828 1 runtime.go:78] Observed a panic: &errors.errorString{s:"v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Volumes: []v1.Volume: v1.Volume.VolumeSource: ConfigMap: v1.ConfigMapVolumeSource.Optional: ReadBool: expect t or f, but found \", error found in #10 byte of ...|ptional\":\"${true}\"},|..., bigger context ...|onfigMap\":{\"name\":\"kube-cloud-config\",\"optional\":\"${true}\"},\"name\":\"ca-bundle\"},{\"emptyDir\":{},\"name|..."} (v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Volumes: []v1.Volume: v1.Volume.VolumeSource: ConfigMap: v1.ConfigMapVolumeSource.Optional: ReadBool: expect t or f, but found ", error found in #10 byte of ...|ptional":"${true}"},|..., bigger context ...|onfigMap":{"name":"kube-cloud-config","optional":"${true}"},"name":"ca-bundle"},{"emptyDir":{},"name|...)```
Bump to the latest version of library-go to get changes to allow for custom string replaces on the CSI controller asset.
The determination about whether a custom CA bundle is being used is assessed when the operator starts. This can lead to incorrect behavior if the kube-cloud-config ConfigMap has not yet been created in the openshit-config-managed namespace when the operator starts. Instead of only looking for the ConfigMap at start-up, these changes will have the operator looking for the ConfigMap on every reconcile and adjusting the yaml for the controller asset accordingly.
staebler
force-pushed
the
aws-c2s-extra-replaces
branch
from
d5ac38b to
f9208d0
Compare
|
@staebler: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/close |
|
@staebler: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@staebler: This pull request references Bugzilla bug 1905119. The bug has been updated to no longer refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
4 participants
The determination about whether a custom CA bundle is being used is assessed when the operator starts. This can lead to incorrect behavior if the kube-cloud-config ConfigMap has not yet been created in the openshit-config-managed namespace when the operator starts. Instead of only looking for the ConfigMap at start-up, these changes will have the operator looking for the ConfigMap on every reconcile and adjusting the yaml for the controller asset accordingly.