Enable Cert Manager #8509

matzew · 2025-02-26T15:26:10Z

Fixes #

Proposed Changes

in sink controller we create the cert-mgr informer based on the fact if TLS is enabled

Pre-review Checklist

At least 80% unit test coverage
E2E tests for any new behavior
Docs PR for any user-facing impact
Spec PR for any new API feature
Conformance test for any change to the spec

Release Note

TLS / Cert Manager integration for IntegrationSink

Docs

knative-prow · 2025-02-26T15:26:19Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~OWNERS~~ [matzew]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

matzew · 2025-02-26T15:27:18Z

pkg/certificates/certificate.go

 }
+
+func deploymentName(sinkName string) string {
+	return kmeta.ChildName(sinkName, "-deployment")


I think on the "generic" certificate factory we could just pass in the name of the deployment to the MakeCert function

cmd/controller/main.go

matzew · 2025-02-26T15:27:36Z

pkg/reconciler/integration/sink/controller.go

-		eventPolicyLister: eventPolicyInformer.Lister(),
-		//cmCertificateLister: cmCertificateInformer.Lister(),
-		//certManagerClient:   cmclient.Get(ctx),
+		secretLister:        secretInformer.Lister(),


knoob needed

matzew · 2025-02-26T15:28:34Z

This needs the knob for turning on/off the "cert manager" hooks.

As discussed in #8385 (review)

pkg/reconciler/integration/sink/controller.go

matzew · 2025-03-05T09:45:22Z

With the manual created lister, I seem to get error

{"level":"error","ts":"2025-03-05T09:28:42.424Z","logger":"controller","caller":"controller/controller.go:564","msg":"Reconcile error","commit":"794d3a1-dirty","knative.dev/pod":"eventing-controller-f554cb8c9-tgwzz","knative.dev/controller":"knative.dev.eventing.pkg.reconciler.integration.sink.Reconciler","knative.dev/kind":"sinks.knative.dev.IntegrationSink","knative.dev/traceid":"9f6eac8e-fd4f-4229-ba0c-7cef645deb97","knative.dev/key":"test-gpgbdyap/integrationsink-mmxezqvd","duration":0.018033456,"error":"creating new Certificate: certificates.cert-manager.io \"integrationsink-mmxezqvd-server-tls\" already exists","stacktrace":"knative.dev/pkg/controller.(*Impl).handleErr\n\tknative.dev/pkg@v0.0.0-20250226145529-0372c089c78f/controller/controller.go:564\nknative.dev/pkg/controller.(*Impl).processNextWorkItem\n\tknative.dev/pkg@v0.0.0-20250226145529-0372c089c78f/controller/controller.go:541\nknative.dev/pkg/controller.(*Impl).RunContext.func3\n\tknative.dev/pkg@v0.0.0-20250226145529-0372c089c78f/controller/controller.go:489"}

And yes, it gets once created, but I end up in the IsNotFound, where the create than fails like above

https://github.com/matzew/eventing/blob/enable_cert_mgr/pkg/reconciler/integration/sink/integrationsink.go#L175-L183

pierDipi · 2025-03-05T09:57:08Z

@matzew you need to label the certificate with that label app.kubernetes.io/component=knative-eventing https://github.com/matzew/eventing/blob/1ae012d15dde0de849b485de71382fa726ab0a47/pkg/certificates/certificate.go#L37-L41

matzew · 2025-03-05T15:05:55Z

pkg/reconciler/integration/sink/integrationsink.go

+			logging.FromContext(ctx).Errorw("Error reconciling Certificate", zap.Error(err))
+			return err
+		}
+	}


TODO: delete certificate once the feature is turned.

matzew · 2025-03-05T15:10:24Z

pkg/reconciler/integration/sink/controller.go

 		impl.EnqueueKey,
 	))

+	cmCertificateInformer.Informer().AddEventHandler(controller.HandleAll(impl.Enqueue))


Todo: better filtering.

matzew · 2025-03-06T07:35:36Z

TODO: delete certificate once the feature is turned off
-> will do in a separate PR

More unit tests for reconciler will come too

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

pierDipi · 2025-03-06T08:09:49Z

pkg/reconciler/integration/sink/controller.go

+				}()
+
+			} else {
+				cancelFunc, cancelExists := ctx.Value("cancelFunc").(context.CancelFunc)


where is this set?

ah. yeah. right

pierDipi · 2025-03-06T08:10:33Z

pkg/reconciler/integration/sink/controller.go

+					factory.Start(ctx.Done())
+
+					if !cache.WaitForCacheSync(ctx.Done(), cmCertificateInformer.Informer().HasSynced) {
+						logging.FromContext(ctx).Error("Failed to sync Cert Manager Certificate informer")
+					}


this ctx will only complete when the pod exits, so this might leak informers watchers/connections, I think we need a "sub-context" for only this factory start/stop

ok, let me take a look

diff --git a/pkg/certificates/certificate.go b/pkg/certificates/certificate.go index 67f7aa308..cb97e58be 100644 --- a/pkg/certificates/certificate.go +++ b/pkg/certificates/certificate.go @@ -17,16 +17,96 @@ limitations under the License. package certificates import ( + "context" "fmt" + "sync" + "sync/atomic" "time" cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - "knative.dev/pkg/kmeta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/cache" + "knative.dev/eventing/pkg/apis/feature" + cmclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + cminformers "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + cmlistersv1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" + "knative.dev/pkg/controller" + "knative.dev/pkg/injection" + "knative.dev/pkg/kmeta" + "knative.dev/pkg/logging" ) +type DynamicCertificatesInformer struct { + cancel atomic.Pointer[context.CancelFunc] + lister atomic.Pointer[cmlistersv1.CertificateLister] + mu sync.Mutex +} + +func NewDynamicCertificatesInformer() *DynamicCertificatesInformer { + return &DynamicCertificatesInformer{ + cancel: atomic.Pointer[context.CancelFunc]{}, + lister: atomic.Pointer[cmlistersv1.CertificateLister]{}, + mu: sync.Mutex{}, + } +} + +func (df *DynamicCertificatesInformer) Reconcile(ctx context.Context, features feature.Flags, handler cache.ResourceEventHandler) error { + df.mu.Lock() + defer df.mu.Unlock() + if !features.IsPermissiveTransportEncryption() && !features.IsStrictTransportEncryption() { + return df.stop(ctx) + } + if df.cancel.Load() != nil { + return nil + } + ctx, cancel := context.WithCancel(ctx) + + client := cmclient.NewForConfigOrDie(injection.GetConfig(ctx)) + + factory := cminformers.NewSharedInformerFactoryWithOptions( + client, + controller.DefaultResyncPeriod, + cminformers.WithTweakListOptions(func(options *metav1.ListOptions) { + options.LabelSelector = "app.kubernetes.io/component=knative-eventing" + }), + ) + informer := factory.Certmanager().V1().Certificates() + informer.Informer().AddEventHandler(handler) + + factory.Start(ctx.Done()) + if !cache.WaitForCacheSync(ctx.Done(), informer.Informer().HasSynced) { + defer cancel() + return fmt.Errorf("failed to sync cert-manager Certificate informer") + } + + lister := informer.Lister() + df.lister.Store(&lister) + df.cancel.Store(&cancel) // Cancel is always set as last field since it's used as a "guard". + + return nil +} + +func (df *DynamicCertificatesInformer) stop(ctx context.Context) error { + cancel := df.cancel.Load() + if cancel == nil { + logging.FromContext(ctx).Debugw("Certificate informer has not been started, nothing to stop") + return nil + } + + (*cancel)() + df.lister.Store(nil) + df.cancel.Store(nil) // Cancel is always set as last field since it's used as a "guard". + return nil +} + +func (df *DynamicCertificatesInformer) Lister() *atomic.Pointer[cmlistersv1.CertificateLister] { + df.mu.Lock() + defer df.mu.Unlock() + + return &df.lister +} + func CertificateName(objName string) string { return kmeta.ChildName(objName, "-server-tls") } diff --git a/pkg/reconciler/integration/sink/controller.go b/pkg/reconciler/integration/sink/controller.go index dcc181adc..3cdbab854 100644 --- a/pkg/reconciler/integration/sink/controller.go +++ b/pkg/reconciler/integration/sink/controller.go @@ -19,19 +19,18 @@ package sink import ( "context" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "go.uber.org/zap" "k8s.io/client-go/tools/cache" - certmanagerclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" - certmanagerinformers "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" - "knative.dev/pkg/injection" - "knative.dev/eventing/pkg/apis/feature" - v1alpha1 "knative.dev/eventing/pkg/apis/sinks/v1alpha1" + "knative.dev/eventing/pkg/apis/sinks/v1alpha1" "knative.dev/eventing/pkg/auth" + "knative.dev/eventing/pkg/certificates" + cmclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy" "knative.dev/eventing/pkg/client/injection/informers/sinks/v1alpha1/integrationsink" deploymentinformer "knative.dev/pkg/client/injection/kube/informers/apps/v1/deployment" "knative.dev/pkg/client/injection/kube/informers/core/v1/service" + "knative.dev/pkg/injection" pkgreconciler "knative.dev/pkg/reconciler" integrationsinkreconciler "knative.dev/eventing/pkg/client/injection/reconciler/sinks/v1alpha1/integrationsink" @@ -52,12 +51,15 @@ func NewController( deploymentInformer := deploymentinformer.Get(ctx) serviceInformer := service.Get(ctx) + dynamicCertificateInformer := certificates.NewDynamicCertificatesInformer() r := &Reconciler{ - kubeClientSet: kubeclient.Get(ctx), - deploymentLister: deploymentInformer.Lister(), - serviceLister: serviceInformer.Lister(), - secretLister: secretInformer.Lister(), - eventPolicyLister: eventPolicyInformer.Lister(), + secretLister: secretInformer.Lister(), + eventPolicyLister: eventPolicyInformer.Lister(), + kubeClientSet: kubeclient.Get(ctx), + deploymentLister: deploymentInformer.Lister(), + serviceLister: serviceInformer.Lister(), + cmCertificateLister: *dynamicCertificateInformer.Lister(), + certManagerClient: cmclient.NewForConfigOrDie(injection.GetConfig(ctx)), } logging.FromContext(ctx).Info("Creating IntegrationSink controller") @@ -66,40 +68,15 @@ func NewController( featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"), func(name string, value interface{}) { if globalResync != nil { - globalResync(nil) - } - if features, ok := value.(feature.Flags); ok { - // we assume that Cert-Manager is installed in the cluster if the feature flag is enabled - if features.IsPermissiveTransportEncryption() || features.IsStrictTransportEncryption() { - - go func() { // Start and register informer - certManagerClient := certmanagerclient.NewForConfigOrDie(injection.GetConfig(ctx)) - factory := certmanagerinformers.NewSharedInformerFactoryWithOptions( - certManagerClient, - controller.DefaultResyncPeriod, - certmanagerinformers.WithTweakListOptions(func(options *v1.ListOptions) { - options.LabelSelector = "app.kubernetes.io/component=knative-eventing" - }), - ) - cmCertificateInformer := factory.Certmanager().V1().Certificates() - r.cmCertificateLister = cmCertificateInformer.Lister() - r.certManagerClient = certManagerClient - - cmCertificateInformer.Informer().AddEventHandler(controller.HandleAll(globalResync)) - factory.Start(ctx.Done()) - - if !cache.WaitForCacheSync(ctx.Done(), cmCertificateInformer.Informer().HasSynced) { - logging.FromContext(ctx).Error("Failed to sync Cert Manager Certificate informer") - } - }() - - } else { - cancelFunc, cancelExists := ctx.Value("cancelFunc").(context.CancelFunc) - if cancelExists { - go cancelFunc() + if features, ok := value.(feature.Flags); ok { + // we assume that Cert-Manager is installed in the cluster if the feature flag is enabled + if err := dynamicCertificateInformer.Reconcile(ctx, features, controller.HandleAll(globalResync)); err != nil { + logging.FromContext(ctx).Errorw("Failed to start certificates dynamic factory", zap.Error(err)) } } + + globalResync(nil) } }) featureStore.WatchConfigs(cmw) diff --git a/pkg/reconciler/integration/sink/integrationsink.go b/pkg/reconciler/integration/sink/integrationsink.go index 0f5a338bc..8e7f77b44 100644 --- a/pkg/reconciler/integration/sink/integrationsink.go +++ b/pkg/reconciler/integration/sink/integrationsink.go @@ -19,8 +19,10 @@ package sink import ( "context" "fmt" + "sync/atomic" "knative.dev/eventing/pkg/certificates" + certmanagerlisters "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" @@ -47,8 +49,6 @@ import ( certmanagerclientset "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" - certmanagerlisters "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" - "knative.dev/eventing/pkg/eventingtls" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/controller" @@ -74,7 +74,7 @@ type Reconciler struct { deploymentLister appsv1listers.DeploymentLister serviceLister corev1listers.ServiceLister - cmCertificateLister certmanagerlisters.CertificateLister + cmCertificateLister atomic.Pointer[certmanagerlisters.CertificateLister] certManagerClient certmanagerclientset.Interface } @@ -174,7 +174,12 @@ func (r *Reconciler) reconcileCMCertificate(ctx context.Context, sink *sinks.Int expected := certificates.MakeCertificate(sink, sink.Name) - cert, err := r.cmCertificateLister.Certificates(sink.Namespace).Get(expected.Name) + lister := r.cmCertificateLister.Load() + if lister == nil { + return nil, fmt.Errorf("no cer-manager certificate lister created yet, this should never happen") + } + + cert, err := (*lister).Certificates(sink.Namespace).Get(expected.Name) if apierrors.IsNotFound(err) { cert, err := r.certManagerClient.CertmanagerV1().Certificates(sink.Namespace).Create(ctx, expected, metav1.CreateOptions{}) if err != nil {

Something like this I guess

hitting this:

logging.FromContext(ctx).Debugw("Certificate informer has not been started, nothing to stop")

than later it is stuck here:

return nil, fmt.Errorf("no cer-manager certificate lister created yet, this should never happen")

codecov · 2025-03-06T08:13:20Z

Codecov Report

Attention: Patch coverage is 51.28205% with 38 lines in your changes missing coverage. Please review.

Project coverage is 64.19%. Comparing base (615a071) to head (06bd3bb).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/reconciler/integration/sink/controller.go	0.00%	32 Missing ⚠️
pkg/reconciler/integration/sink/integrationsink.go	0.00%	5 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8509      +/-   ##
==========================================
- Coverage   64.26%   64.19%   -0.08%     
==========================================
  Files         397      397              
  Lines       24337    24354      +17     
==========================================
- Hits        15641    15634       -7     
- Misses       7858     7880      +22     
- Partials      838      840       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

matzew · 2025-03-06T10:15:00Z

We could merge my current and work on proper fix in separate PR... as an option.

pierDipi · 2025-03-06T11:20:10Z

/lgtm

* Re-enable Cert Mgr Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Manual informer Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update main Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * update controller Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding label on cert Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * add enqueue Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Create Cert Informer, on demand, and cancle when flag is disabled Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update unit tests that broke during rrefactors Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> --------- Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

* Partial implementation of certmanager for integration sink (knative#8481) * Adding cert-mananger bits Basics for Cert-manager Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding create cert manifest function Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Use the make cert Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Reconcile Certificate manifest and add RBAC Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Add secret filter to controller Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Look up secrets/certs for sink Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Remove old/wrong Certificate manifest and reference Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Fix controller compile Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Formatting Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * change the reconcile of cert manifest, and run it only w/ some form of TLS Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * using filtered informer Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding Rekt test for IntegrationSink TLS support Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * adding a bit of https port for deployment/service of the IntegrationSink Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Mounting secrets and setting quarkus env vars for TLS support Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding flags for different TLS levels resulting in diffeerent quarkus env vars Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Remove bad comment Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding label Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update codegen Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Disable tmp. the cert manager feature Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Fixing header/year Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * More test tweaking Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Remove unused and comment out the hooks for now Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> --------- Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Run make generate-release Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Remove unused code (knative#8485) Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * IntegrationSink prefactors (knative#8486) Little refactors on IntegrationSink Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Add initial iteration of eventing-integration resources (knative#8493) * Generic code for Certificates (knative#8489) Make Certifacte factory more generic Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Jsonata Event transform e2e tests (knative#8499) * E2E tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * EventTransform Jsonata e2e tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Use eventing-integrations images and fix tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Verify response status code received by source Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Update JSONata transformations Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Inject integration images from ConfigMap (knative#8500) Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Run make generate-release Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update to the correct file (knative#8507) Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * EventTransform: Inject tracing configurations (knative#8479) Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * EventTransform: add reconciler unit tests (knative#8513) * EventTransform: add reconciler unit tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Update pkg/reconciler/testing/v1alpha1/eventtransform.go Co-authored-by: Marek Schmidt <maschmid@redhat.com> --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: Marek Schmidt <maschmid@redhat.com> * Enable Cert Manager (knative#8509) * Re-enable Cert Mgr Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Manual informer Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update main Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * update controller Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Adding label on cert Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * add enqueue Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Create Cert Informer, on demand, and cancle when flag is disabled Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Update unit tests that broke during rrefactors Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> --------- Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Event Transform JSONata TLS (knative#8515) * Event Transform JSONata TLS Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * HA and security context Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Reconcile Certificate Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Additional unit tests cases Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Fix tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * EventTransform trust bundle propagation and tests Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Fix tests and address comments Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> --------- Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Run make generate-release Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Add dynamic cert-manager certificates informer (knative#8517) * Add dynamic informer, part I Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Add Dynamic certificates informer for EventTransform Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Add Dynamic certificates Informer to IntegrationSink Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Fix error message Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> --------- Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Improve CM Cert reconcile and deletion if feature is turned off (knative#8519) refactor CM Cert reconciler and take care of delete if feature is disabled Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Remove transformations and integrations ConfigMaps (#1201) We don't use the ConfigMaps to inject the values, the operator will replace the value to the images directly. Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Run make generate-release Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Add configmaps/finalizers permissions Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Add update finalizers permissions for EventTransform reconciled resources Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> * Volume mounts use direct Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> * Fix EventTransform with TLS Sink test Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> --------- Signed-off-by: Matthias Wessendorf <mwessend@redhat.com> Signed-off-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: David Simansky <dsimansk@redhat.com> Co-authored-by: Pierangelo Di Pilato <pierdipi@redhat.com> Co-authored-by: Marek Schmidt <maschmid@redhat.com>

knative-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 26, 2025

knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 26, 2025

knative-prow bot requested review from Cali0707 and evankanderson February 26, 2025 15:26

knative-prow bot added the area/test-and-release Test infrastructure, tests or release label Feb 26, 2025

matzew commented Feb 26, 2025

View reviewed changes

cmd/controller/main.go Outdated Show resolved Hide resolved

matzew commented Feb 26, 2025

View reviewed changes

matzew mentioned this pull request Feb 26, 2025

Bump cert manager and use their clientset #8484

Closed

5 tasks

matzew force-pushed the enable_cert_mgr branch from bf74a04 to ace33a7 Compare March 4, 2025 16:44

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

matzew commented Mar 5, 2025

View reviewed changes

matzew changed the title ~~WIP: Re-enable Cert Mgr~~ Enable Cert Manager Mar 6, 2025

knative-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 6, 2025

matzew added 6 commits March 6, 2025 09:06

Re-enable Cert Mgr

1d39e17

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

Manual informer

5e0a7e7

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

Update main

052f0a6

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

update controller

846e9eb

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

Adding label on cert

3c7d3e9

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

add enqueue

5c94bcc

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

matzew added 2 commits March 6, 2025 09:06

Create Cert Informer, on demand, and cancle when flag is disabled

6aedb06

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

Update unit tests that broke during rrefactors

06bd3bb

Signed-off-by: Matthias Wessendorf <mwessend@redhat.com>

matzew force-pushed the enable_cert_mgr branch from f74f08b to 06bd3bb Compare March 6, 2025 08:06

pierDipi reviewed Mar 6, 2025

View reviewed changes

knative-prow bot assigned pierDipi Mar 6, 2025

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2025

knative-prow bot merged commit eb3dd80 into knative:main Mar 6, 2025
34 of 36 checks passed

Enable Cert Manager #8509

Enable Cert Manager #8509

Uh oh!

Conversation

matzew commented Feb 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed Changes

Pre-review Checklist

Uh oh!

knative-prow bot commented Feb 26, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

matzew commented Feb 26, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

matzew commented Mar 5, 2025

Uh oh!

pierDipi commented Mar 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

matzew commented Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

pierDipi Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

pierDipi Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

codecov bot commented Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

matzew commented Mar 6, 2025

Uh oh!

pierDipi commented Mar 6, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

matzew commented Feb 26, 2025 •

edited

Loading

pierDipi commented Mar 5, 2025 •

edited

Loading

matzew commented Mar 6, 2025 •

edited

Loading

pierDipi Mar 6, 2025 •

edited

Loading

pierDipi Mar 6, 2025 •

edited

Loading

codecov bot commented Mar 6, 2025 •

edited

Loading