Support secret filtering informer #862
Conversation
|
@skonto: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
afc1efb to
8f9d892
Compare
Codecov Report
@@ Coverage Diff @@
## main #862 +/- ##
=======================================
Coverage 81.39% 81.39%
=======================================
Files 18 18
Lines 1172 1172
=======================================
Hits 954 954
Misses 174 174
Partials 44 44 Continue to review full report at Codecov.
|
8f9d892 to
f2d8d3c
Compare
config/300-controller.yaml
Outdated
| @@ -48,6 +48,8 @@ spec: | |||
| value: "knative.dev/samples" | |||
| - name: KOURIER_GATEWAY_NAMESPACE | |||
| value: "kourier-system" | |||
| - name: ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID | |||
| value: "true" | |||
There was a problem hiding this comment.
Will revert back to false, tests pass.
639d755 to
88bf41a
Compare
88bf41a to
dae609b
Compare
|
Tested in: knative/serving#13058 |
|
@skonto Could you update the |
pkg/reconciler/ingress/controller.go
Outdated
| serviceinformer "knative.dev/pkg/client/injection/kube/informers/core/v1/service" | ||
| filteredFactory "knative.dev/pkg/client/injection/kube/informers/factory/filtered" | ||
|
|
There was a problem hiding this comment.
Can you remove this blank line?
test/generate-upstream-cert.sh
Outdated
|
|
||
| kubectl create -n ${TEST_NAMESPACE} secret tls server-certs \ | ||
| --key="${out_dir}"/tls.key \ | ||
| --cert="${out_dir}"/tls.crt --dry-run=client -o yaml | kubectl apply -f - | ||
| --cert="${out_dir}"/tls.crt --dry-run=client -o yaml | \ | ||
| sed '/^metadata:/a\ \ labels: {"networking.internal.knative.dev/certificate-uid":"test-id"}' | kubectl apply -f - |
There was a problem hiding this comment.
I think we don't need to add the label to the server-certs. It is used by users' namespace and Kourier does not need to be reconciled when they updated them.
(If users started using a server cert signed by a different CA, Kourier needs to be reconciled to load the new CA but it is triggered by knative-serving-certs(=CA) change.)
There was a problem hiding this comment.
With said, the test will fail without this label? 😅
There was a problem hiding this comment.
Kourier reconciles a related ingress referencing that secret through no? Afaik it does fail I can try once more without it.
There was a problem hiding this comment.
Yes for the CA secret (=knative-serving-certs) , but should be no for the server cert (=server-certs).
But the test failed? Hmm... I misunderstood something. I will look into it as well.
There was a problem hiding this comment.
Let me try it first. I might remember wrongly.
There was a problem hiding this comment.
Ok removed the label and switched on filtering.
There was a problem hiding this comment.
@nak3 Tests passed you were right,reverting the default value for the env var.
|
/lgtm Thank you! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nak3, skonto The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* support secret filtering informer * fixes * revert env var default val
Changes
Fixes #
Release Note
Docs