Skip to content

fix(certificate-shim): removing duplicate parentRefs#8619

Merged
cert-manager-prow[bot] merged 1 commit into
cert-manager:masterfrom
hjoshi123:fix/remove-duplicate-parentRef
Mar 20, 2026
Merged

fix(certificate-shim): removing duplicate parentRefs#8619
cert-manager-prow[bot] merged 1 commit into
cert-manager:masterfrom
hjoshi123:fix/remove-duplicate-parentRef

Conversation

@hjoshi123

@hjoshi123 hjoshi123 commented Mar 16, 2026

Copy link
Copy Markdown
Collaborator

Pull Request Motivation

Adding extra validation so that we dont duplicate parentRefs from issuer config with the annotations on the cert object.

Kind

/kind bug

Release Note

fixed duplicate `parentRef` bug when both issuer config and annotations are present.

@cert-manager-prow cert-manager-prow Bot added kind/bug Categorizes issue or PR as related to a bug. release-note Denotes a PR that will be considered when it comes time to generate release notes. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. area/acme Indicates a PR directly modifies the ACME Issuer code size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 16, 2026
@hjoshi123

hjoshi123 commented Mar 16, 2026

Copy link
Copy Markdown
Collaborator Author

/cc @maelvls

@cert-manager-prow cert-manager-prow Bot requested a review from maelvls March 16, 2026 03:44
@hjoshi123 hjoshi123 force-pushed the fix/remove-duplicate-parentRef branch from 701edce to 7e90655 Compare March 16, 2026 04:00
@hjoshi123 hjoshi123 requested a review from ThatsMrTalbot March 19, 2026 17:36
@maelvls maelvls mentioned this pull request Mar 20, 2026
Open
@hjoshi123 hjoshi123 mentioned this pull request Mar 20, 2026
Closed
@hjoshi123
removing duplicate parentRefs
8d6c1c8 
Signed-off-by: hjoshi123 <mail@hjoshi.me>
Signed-off-by: Hemant Joshi <mail@hjoshi.me>
@hjoshi123 hjoshi123 force-pushed the fix/remove-duplicate-parentRef branch from 7e90655 to 8d6c1c8 Compare March 20, 2026 16:12
maelvls
maelvls approved these changes Mar 20, 2026
View reviewed changes

@maelvls maelvls left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! LGTM.

/lgtm
/approve

@cert-manager-prow cert-manager-prow Bot added the lgtm Indicates that a PR is ready to be merged. label Mar 20, 2026
@cert-manager-prow

cert-manager-prow Bot commented Mar 20, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 20, 2026
@cert-manager-prow cert-manager-prow Bot merged commit 788c2f2 into cert-manager:master Mar 20, 2026
6 checks passed
rohansood10 added a commit to rohansood10/cert-manager that referenced this pull request Mar 20, 2026
@rohansood10
fix: deduplicate HTTPRoute parentRefs for multi-listener Gateways
d727955 
When a Gateway has multiple listeners (e.g., HTTP and HTTPS), the
ACME HTTP-01 solver's HTTPRoute could end up with multiple parentRefs
targeting the same Gateway without sectionName set. Gateway API v1.5.0
(used in cert-manager 1.20.0) now enforces that sectionName must be
specified when there are 2+ parentRefs to the same parent, causing
solver HTTPRoute creation to fail in an infinite error loop.

The root cause deduplication in applyGatewayAPIAnnotationParentRefOverride
was addressed in cert-manager#8619. This commit adds a defense-in-depth
deduplicateParentRefs() call in generateHTTPRouteSpec to catch any
remaining duplicate parentRefs that might slip through other code paths,
along with additional test coverage for the annotation-override
deduplication behavior.

Fixes cert-manager#8611

Signed-off-by: Rohan Sood <56945243+rohansood10@users.noreply.github.com>
@weeix weeix mentioned this pull request Mar 27, 2026
Closed
@maelvls

maelvls commented Mar 27, 2026

Copy link
Copy Markdown
Member

/cherry-pick release-1.20

@cert-manager-bot

cert-manager-bot commented Mar 27, 2026

Copy link
Copy Markdown
Contributor

@maelvls: new pull request created: #8658

Details

In response to this:

/cherry-pick release-1.20

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-bot cert-manager-bot mentioned this pull request Mar 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maelvls maelvls maelvls approved these changes

@ThatsMrTalbot ThatsMrTalbot Awaiting requested review from ThatsMrTalbot

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme Indicates a PR directly modifies the ACME Issuer code dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/bug Categorizes issue or PR as related to a bug. lgtm Indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hjoshi123 @maelvls @cert-manager-bot