Ingress controller loads TLS cert/key from volume mount#623
Ingress controller loads TLS cert/key from volume mount#623istio-merge-robot merged 8 commits intoistio:masterfrom myidpt:ingress
Conversation
|
@kyessenov @ldemailly @andraxylia PTAL. Thanks! |
| data: | ||
| tls.key: | ||
| tls.crt: | ||
| --- |
There was a problem hiding this comment.
Is it to prevent the container from not starting until the CA generates the secret?
There was a problem hiding this comment.
You are partially right - this is to prevent container from not starting.
The ingress controller TLS key/cert (for external traffic) is not managed by CA. The operator needs to replace the secret with the real ones when TLS is enabled for external traffic.
To be specific, the operators needs to do:
kubectl delete secret istio-ingress-certs; kubectl create secret tls istio-ingress-certs --key /tmp/tls.key --cert /tmp/tls.crt
|
/lgtm cancel //PR changed after LGTM, removing LGTM. @myidpt |
|
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ldemailly The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
@yutongz @sebastienvas Hi folks, can you please take a look at the error? It seems the quota is insufficient for project 450874614208. |
|
/retest |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
|
hey can you redo this such as it sticks when someone does updateVersion ? |
Unfortunately running install/updateVersion.sh -x gcr.io/istio-testing,f043c7ea6bf68cb1603a7e17e9e1b3ac8b568859 Has the side effect of undoing #623
|
@myidpt: The following tests failed, say
DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Automatic merge from submit-queue Ingress controller loads TLS cert/key from volume mount This PR enables ingress controller to load TLS cert/key from volume mount, which is set by operator from secret. This PR with istio/old_pilot_repo#1149 fixes #1134. **Release note**: ```release-note Ingress controller loads TLS cert/key from volume mount ``` Former-commit-id: 07d20b5
Automatic merge from submit-queue Ingress controller loads TLS cert/key from volume mount This PR enables ingress controller to load TLS cert/key from volume mount, which is set by operator from secret. This PR with istio/old_pilot_repo#1149 fixes istio#1134. **Release note**: ```release-note Ingress controller loads TLS cert/key from volume mount ``` Former-commit-id: 07d20b5
Automatic merge from submit-queue Ingress controller loads TLS cert/key from volume mount This PR enables ingress controller to load TLS cert/key from volume mount, which is set by operator from secret. This PR with istio/old_pilot_repo#1149 fixes #1134. **Release note**: ```release-note Ingress controller loads TLS cert/key from volume mount ``` Former-commit-id: 07d20b5
* Add conffiles to avoid overriding on upgrade * Fix the 'x' used for debugging
…ecks (istio#623) Signed-off-by: Chun Lin Yang <clyang@cn.ibm.com>
…stio#623) * Ignore a warning in kubectl apply when namespace is already created. * Add TODO and k8s issue number. * Fix PR comments.
* add EnforcementMode to RbacConfig * add more comment * add more comment
Co-authored-by: mkralik3 <mkralik@redhat.com>
This PR enables ingress controller to load TLS cert/key from volume mount, which is set by operator from secret.
This PR with istio/old_pilot_repo#1149 fixes istio/old_pilot_repo#1134.
Release note: