这是indexloc提供的服务,不要输入任何密码
Skip to content

Allow disabling AutoTLS with an annotation #9194

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 21 commits into from
Sep 2, 2020
Merged

Allow disabling AutoTLS with an annotation #9194

merged 21 commits into from
Sep 2, 2020

Conversation

arturenault
Copy link
Contributor

/lint

Fixes #8567

Release Note

Add the ability to disable AutoTLS on a per-route basis using the networking.knative.dev/disableAutoTLS. When set to "true", the annotation will force AutoTLS to be disabled on the route, regardless of cluster configuration.

Pending on knative/networking#124.

@knative-prow-robot knative-prow-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 27, 2020
@googlebot googlebot added the cla: yes Indicates the PR's author has signed the CLA. label Aug 27, 2020
@knative-prow-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@knative-prow-robot knative-prow-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/API API objects and controllers labels Aug 27, 2020
knative-prow-robot
knative-prow-robot reviewed Aug 27, 2020
View reviewed changes
Copy link
Contributor

@knative-prow-robot knative-prow-robot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturenault: 0 warnings.

In response to this:

/lint

Fixes #8567

Release Note

Add the ability to disable AutoTLS on a per-route basis using the networking.knative.dev/disableAutoTLS. When set to "true", the annotation will force AutoTLS to be disabled on the route, regardless of cluster configuration.

Pending on knative/networking#124.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

vagababov
vagababov reviewed Aug 28, 2020
View reviewed changes
julz
julz reviewed Aug 28, 2020
View reviewed changes
@arturenault arturenault changed the title Allow disabling AutoTLS with an annotation [WIP] Allow disabling AutoTLS with an annotation Aug 28, 2020
@arturenault arturenault mentioned this pull request Aug 28, 2020
Closed
mattmoor
mattmoor reviewed Aug 31, 2020
View reviewed changes
Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Produced via:
gofmt -s -w $(find -path './vendor' -prune -o -path './third_party' -prune -o -name '*.pb.go' -prune -o -type f -name '*.go' -print)
goimports -w $(find -name '*.go' | grep -v vendor | grep -v third_party | grep -v .pb.go | grep -v wire_gen.go)

mattmoor
mattmoor reviewed Aug 31, 2020
View reviewed changes
Copy link
Member

@mattmoor mattmoor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Produced via:
gofmt -s -w $(find -path './vendor' -prune -o -path './third_party' -prune -o -name '*.pb.go' -prune -o -type f -name '*.go' -print)
goimports -w $(find -name '*.go' | grep -v vendor | grep -v third_party | grep -v .pb.go | grep -v wire_gen.go)

@knative-prow-robot knative-prow-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/autoscale area/test-and-release It flags unit/e2e/conformance/perf test issues for product features and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Aug 31, 2020
@googlebot
Copy link

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

@googlebot googlebot added cla: no Indicates the PR's author has not signed the CLA. and removed cla: yes Indicates the PR's author has signed the CLA. labels Aug 31, 2020
@knative-prow-robot knative-prow-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Aug 31, 2020
@arturenault arturenault force-pushed the disableAutoTLS branch 3 times, most recently from 4dc0198 to a10d868 Compare August 31, 2020 22:53
@vagababov
Copy link
Contributor

@googlebot I consent.

@arturenault arturenault marked this pull request as ready for review September 1, 2020 16:21
vagababov
vagababov reviewed Sep 2, 2020
View reviewed changes
pkg/reconciler/route/route.go Outdated
networking.DisableAutoTLSAnnotationKey, annotationValue)
}

return config.FromContext(ctx).Network.AutoTLS && !disabledByAnnotation
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we check this from the beginning? Why do all the parsing etc, if this is already false?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good point. i'll restructure this

arturenault and others added 4 commits September 2, 2020 15:07
@vagababov
Copy link
Contributor

@googlebot I consent.

@vagababov vagababov added cla: yes Indicates the PR's author has signed the CLA. and removed cla: no Indicates the PR's author has not signed the CLA. labels Sep 2, 2020
@vagababov
Copy link
Contributor

/lgtm

@googlebot
Copy link

A Googler has manually verified that the CLAs look good.

(Googler, please make sure the reason for overriding the CLA status is clearly documented in these comments.)

ℹ️ Googlers: Go here for more info.

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Sep 2, 2020
@knative-metrics-robot
Copy link

The following is the coverage report on the affected files.
Say /test pull-knative-serving-go-coverage to re-run this coverage report

File Old Coverage New Coverage Delta
pkg/reconciler/route/route.go 84.5% 85.2% 0.7

@knative-prow-robot
Copy link
Contributor

@arturenault: The following tests failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-knative-serving-contour-latest e8a3923 link /test pull-knative-serving-contour-latest
pull-knative-serving-istio-stable-mesh e8a3923 link /test pull-knative-serving-istio-stable-mesh

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@ZhiminXiang
Copy link

/lgtm
/approve

@knative-prow-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: arturenault, ZhiminXiang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 2, 2020
@knative-prow-robot knative-prow-robot merged commit 7bf7064 into knative:master Sep 2, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julz julz julz left review comments

@vagababov vagababov vagababov left review comments

@mattmoor mattmoor mattmoor left review comments

@ZhiminXiang ZhiminXiang ZhiminXiang left review comments

@knative-prow-robot knative-prow-robot knative-prow-robot left review comments

@mdemirhan mdemirhan Awaiting requested review from mdemirhan

Assignees

@vagababov vagababov

@ZhiminXiang ZhiminXiang

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/API API objects and controllers area/autoscale area/networking area/test-and-release It flags unit/e2e/conformance/perf test issues for product features cla: yes Indicates the PR's author has signed the CLA. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support disabling auto TLS per Route when the global auto TLS is enabled
8 participants
@arturenault @knative-prow-robot @googlebot @vagababov @mattmoor @knative-metrics-robot @ZhiminXiang @julz