Add reconciler logic for DomainMapping AutoTLS #10467
Conversation
|
Skipping CI for Draft Pull Request. |
1cc4246 to
5059cc8
Compare
Codecov Report
@@ Coverage Diff @@
## master #10467 +/- ##
==========================================
+ Coverage 88.02% 88.07% +0.05%
==========================================
Files 187 187
Lines 8808 8849 +41
==========================================
+ Hits 7753 7794 +41
- Misses 814 816 +2
+ Partials 241 239 -2
Continue to review full report at Codecov.
|
2af2bd4 to
1508951
Compare
1508951 to
114be33
Compare
114be33 to
c674cdf
Compare
|
/test pull-knative-serving-istio-stable-no-mesh-tls |
1 similar comment
|
/test pull-knative-serving-istio-stable-no-mesh-tls |
| annotationValue := dm.Annotations[networking.DisableAutoTLSAnnotationKey] | ||
| disabledByAnnotation, err := strconv.ParseBool(annotationValue) | ||
| if annotationValue != "" && err != nil { | ||
| // validation should've caught an invalid value here. | ||
| // if we have one anyways, assume not disabled and log a warning. | ||
| logger.Warnf("Invalid annotation value for %q. Value: %q", | ||
| networking.DisableAutoTLSAnnotationKey, annotationValue) |
There was a problem hiding this comment.
this looks like a method on DM itself?
There was a problem hiding this comment.
Sure, I'll follow up.
| // Check that our Reconciler implements CertificateAccessor | ||
| var _ networkaccessor.CertificateAccessor = (*Reconciler)(nil) | ||
|
|
||
| // GetNetworkingClient implements networking.CertificateAccessor |
There was a problem hiding this comment.
There was a problem hiding this comment.
I don't see a call to GetNetworkingClient there.
There was a problem hiding this comment.
Hm, it's passed down... not sure we should do pass reconciler down. Rather we should pass down the networking client.
There was a problem hiding this comment.
I can follow up with a change to fix route and domainmapping reconciler both.
| return r.netclient | ||
| } | ||
|
|
||
| // GetCertificateLister implements networking.CertificateAccessor |
There was a problem hiding this comment.
|
/assign @vagababov @YoussB |
|
/assign @julz |
Co-authored-by: Julian Friedman <julz.friedman@uk.ibm.com>
|
/test pull-knative-serving-istio-stable-no-mesh |
|
/hold |
|
/unhold @julz @vagababov I've addressed most of your feedbacks, except for a few that I will follow up. |
There was a problem hiding this comment.
/lgtm
/hold so @vagababov can have a look and in case you want to do the little suggested refactor (but Im fine if you prefer this way or want to do it separately).
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: julz, tcnghia The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
265eab7 to
6220801
Compare
Co-authored-by: Victor Agababov <vagababov@gmail.com>
|
/lgtm |
| "knative.dev/serving/pkg/apis/serving/v1alpha1" | ||
| domainmappingreconciler "knative.dev/serving/pkg/client/injection/reconciler/serving/v1alpha1/domainmapping" | ||
| "knative.dev/serving/pkg/reconciler/domainmapping/config" | ||
| "knative.dev/serving/pkg/reconciler/domainmapping/resources" | ||
| routeresources "knative.dev/serving/pkg/reconciler/route/resources" |
There was a problem hiding this comment.
Can we move this somewhere common?
There was a problem hiding this comment.
I'll follow up with that as well.
There was a problem hiding this comment.
Got an issue with a DomainMapping:
party knative.party Unknown NewObservedGenFailure
Looking at the logs of the kcert:
Warning InternalError 3m23s (x17 over 8m51s) certificate-controller Service "knative.party" is invalid: metadata.name: Invalid value: "knative.party": a DNS-1035 label must consist of lower case alphanumeric characters or '-', start with an alphabetic character, and end with an alphanumeric character (e.g. 'my-name', or 'abc-123', regex used for validation is '[a-z]([-a-z0-9]*[a-z0-9])?')```
There was a problem hiding this comment.
I believe you need to update net-http01, let's discuss in slack
Part of #10247
Proposed Changes
Release Note