Handle caBundleSecretRef in the shard controller#132
Handle caBundleSecretRef in the shard controller#132kcp-ci-bot merged 2 commits intokcp-dev:mainfrom
Conversation
…ClusterAdminKubeconfig Signed-off-by: Cyrill Berg <cyrill.berg@bwi.de>
Signed-off-by: Cyrill Berg <cyrill.berg@bwi.de>
|
Hi @BergCyrill. Thanks for your PR. I'm waiting for a kcp-dev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
mjudeikis
left a comment
There was a problem hiding this comment.
/lgtm
/approve
I suspect this slipped. Thanks!!!!
|
LGTM label has been added. DetailsGit tree hash: cd274cc5158bf4b0a0398655af3a4041732ac29e |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mjudeikis The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Summary
This PR adds the handling of the provided secret in the shards spec at .spec.caBundleSecretRef to the shards external logical cluster kubeconfig. This behavior is described in the CRD but is currently not implemented. This leads to issues if the externalHostname does not have the same certificate issuer as the serverCA (e.g. front-proxy with lets encrypt certificate and the rootShard & shard with self signed certificates).
The controller tests are extended to test for the correct path in the certificateAuthority property of the kubeconfig.
What Type of PR Is This?
/kind bug
Related Issue(s)
/
Release Notes