Skip to content

Delete logic to publish router-ca configmap#377

Merged
openshift-merge-robot merged 1 commit intoopenshift:masterfrom
Miciah:delete-logic-to-publish-router-ca-configmap
Apr 17, 2020
Merged

Delete logic to publish router-ca configmap#377
openshift-merge-robot merged 1 commit intoopenshift:masterfrom
Miciah:delete-logic-to-publish-router-ca-configmap

Conversation

@Miciah
Copy link
Contributor

@Miciah Miciah commented Mar 14, 2020
edited
Loading

Delete logic to publish the router-ca configmap in the openshift-config-managed namespace; the router-ca configmap is superseded by the default-ingress-cert configmap in the same namespace.

Follow-up to #331. Fixes #378.

  • pkg/operator/controller/certificate/controller.go (New): Delete initialization of cache; only the client is still needed after this commit.
    (reconciler): Delete cache field.
    (Reconcile): Delete call to ensureRouterCAConfigMap.
  • pkg/operator/controller/certificate/publish_ca.go (ensureRouterCAConfigMap, desiredRouterCAConfigMap, shouldPublishRouterCA): Delete.
  • pkg/operator/controller/certificate/publish_ca_test.go: Delete file.
    (TestShouldPublishRouterCA): Delete test.
  • pkg/operator/controller/names.go (RouterCAConfigMapName): Delete function.
  • test/e2e/operator_test.go (TestUpdateDefaultIngressController): Delete checks for the router-ca configmap.
    (TestRouterCACertificate): Rename...
    (TestDefaultIngressCertificate): ...to this. Check for the default-ingress-cert configmap instead of the router-ca configmap.

@deads2k, @benjaminapetersen, the plan was to stop publishing router-ca in 4.4.0, so this change is past due; is it safe to do so yet? Let's see whether CI passes...

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 14, 2020
@Miciah
Copy link
Contributor Author

Miciah commented Mar 23, 2020

/retest

@Miciah
Copy link
Contributor Author

Miciah commented Mar 23, 2020

OpenShift Console is failing to get a token from the OAuth issuer endpoint because of an "x509: certificate signed by unknown authority" error.

@ironcladlou
Copy link
Contributor

ironcladlou commented Mar 27, 2020

@Miciah

OpenShift Console is failing to get a token from the OAuth issuer endpoint because of an "x509: certificate signed by unknown authority" error.

You suspect that's because of this change?

@Miciah
Copy link
Contributor Author

Miciah commented Mar 27, 2020

OpenShift Console is failing to get a token from the OAuth issuer endpoint because of an "x509: certificate signed by unknown authority" error.

You suspect that's because of this change?

openshift/console-operator#403 should fix it.

@stlaz
Copy link

stlaz commented Mar 30, 2020

Installer still seems to be adding the router-ca to the kubeconfig - https://github.com/openshift/installer/blob/406e9079e5430950b7c256e0ccf98d0e625f8d9d/cmd/openshift-install/create.go#L196-L243

@Miciah Miciah mentioned this pull request Mar 30, 2020
Merged
@Miciah
Copy link
Contributor Author

Miciah commented Mar 30, 2020

Thanks! I made openshift/installer#3380 to update the installer to use default-ingress-cert.

@Miciah
Copy link
Contributor Author

Miciah commented Apr 17, 2020

/retest
now that openshift/console-operator#403 has merged.

benjaminapetersen
benjaminapetersen approved these changes Apr 17, 2020
View reviewed changes
Copy link

@benjaminapetersen benjaminapetersen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just thinking about how much of a cushion you want. 4.5 or right away in 4.6.

@Miciah Miciah force-pushed the delete-logic-to-publish-router-ca-configmap branch 2 times, most recently from 15a193a to da7871e Compare April 17, 2020 18:04
@Miciah
Delete logic to publish router-ca configmap
605c5c4 
Delete logic to publish the "router-ca" configmap in the
"openshift-config-managed" namespace; the "router-ca" configmap is
superseded by the "default-ingress-cert" configmap in the same namespace.

Follow-up to commit 9640767.

* pkg/operator/controller/certificate/controller.go (New): Delete
initialization of cache; only the client is still needed after this commit.
(reconciler): Delete cache field.
(Reconcile): Delete call to ensureRouterCAConfigMap.
* pkg/operator/controller/certificate/publish_ca.go
(ensureRouterCAConfigMap, desiredRouterCAConfigMap, shouldPublishRouterCA):
Delete.
* pkg/operator/controller/certificate/publish_ca_test.go: Delete file.
(TestShouldPublishRouterCA): Delete test.
* pkg/operator/controller/names.go (RouterCAConfigMapName): Delete
function.
* test/e2e/operator_test.go (TestUpdateDefaultIngressController): Delete
checks for the "router-ca" configmap.
(TestRouterCACertificate): Rename...
(TestDefaultIngressCertificate): ...to this.  Check for the
"default-ingress-cert" configmap instead of the "router-ca" configmap.
@Miciah Miciah force-pushed the delete-logic-to-publish-router-ca-configmap branch from da7871e to 605c5c4 Compare April 17, 2020 18:05
@ironcladlou
Copy link
Contributor

ironcladlou commented Apr 17, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 17, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Apr 17, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: benjaminapetersen, ironcladlou, Miciah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@danehans
Copy link
Contributor

danehans commented Apr 17, 2020

failed to acquire lease: resources not found
/retest

@openshift-merge-robot openshift-merge-robot merged commit 34baa38 into openshift:master Apr 17, 2020
@stlaz stlaz mentioned this pull request Apr 20, 2020
Merged
@soltysh soltysh mentioned this pull request Apr 21, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@frobware frobware Awaiting requested review from frobware

@knobunc knobunc Awaiting requested review from knobunc

1 more reviewer

@benjaminapetersen benjaminapetersen benjaminapetersen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@ironcladlou ironcladlou

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove router-ca

7 participants

@Miciah @ironcladlou @stlaz @openshift-ci-robot @danehans @benjaminapetersen @openshift-merge-robot