Skip to content

Modify the handling of injected OCP CA bundles#1328

Merged
Neon-White merged 8 commits intonoobaa:masterfrom
Neon-White:mova-ca-bundle-to-olm
Apr 8, 2024
Merged

Modify the handling of injected OCP CA bundles#1328
Neon-White merged 8 commits intonoobaa:masterfrom
Neon-White:mova-ca-bundle-to-olm

Conversation

@Neon-White
Copy link
Contributor

@Neon-White Neon-White commented Mar 27, 2024
edited by shirady
Loading

Explain the changes

  1. Create the CA bundle injection configmap in the OLM stage so the operator can require it to start up, thus preventing a race condition
  2. Change the CA bundle mountPath to not override system certs
  3. Revert the Azure cert bundle injection (unneeded since the system certs aren't overridden anymore)
  4. Change the OCP injected CA bundle configmap name
  5. Change AddToRootCAs to append to the system pool instead of a new one
  6. Remove the configmap creation logic from the operator since it's now being done by the OLM

Issues: Fixed #xxx / Gap #xxx

  1. https://bugzilla.redhat.com/show_bug.cgi?id=2271580
    [Note: later we moved to Jira and the link is: DFBUGS-627]

Testing Instructions:

  1. Deploy NooBaa as part of ODF (preferably once over AWS, GCP, Azure)
  2. Verify the system reaches a healthy status and finishes to install
  3. Verify that the system can also use RGW backingstores
  • Doc added/updated
  • Tests added

@Neon-White Neon-White requested a review from liranmauda March 27, 2024 11:33
jackyalbo
jackyalbo reviewed Mar 27, 2024
View reviewed changes
@Neon-White Neon-White marked this pull request as draft March 28, 2024 13:31
@pull-request-size pull-request-size bot added size/M and removed size/XS labels Apr 2, 2024
@Neon-White Neon-White marked this pull request as ready for review April 2, 2024 10:26
@Neon-White Neon-White force-pushed the mova-ca-bundle-to-olm branch from a8bc33e to f4747ee Compare April 2, 2024 10:27
@Neon-White Neon-White changed the title Add the CA-bundle injection configmap to the NooBaa package Modify the handling of injected OCP CA bundles Apr 2, 2024
@Neon-White Neon-White force-pushed the mova-ca-bundle-to-olm branch from 5a12aa5 to 9eb3cd8 Compare April 3, 2024 09:44
@Neon-White Neon-White force-pushed the mova-ca-bundle-to-olm branch 2 times, most recently from 3f515c0 to 0f084f3 Compare April 4, 2024 21:39
@Neon-White
Add the CA-bundle injection configmap to the NooBaa package
9fca227 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
Test
d3936be 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
- Revert Azure cert bundle injection
3128793 
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one

Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
Remove redundant newline
d8b30e9 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
Add missing subPath
3da130f 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
Fix optional indentation
20cf538 
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
- Remove injectable configmap creation
5e44ff0 
- Generate `deploy.go`
- Fix old bundle path references

Signed-off-by: Ben <belimele@redhat.com>
@Neon-White
Omit subPath usage since it doesn't update the file when the ConfigMa…
f2799f1 
…p changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically
Signed-off-by: Ben <belimele@redhat.com>
@Neon-White Neon-White force-pushed the mova-ca-bundle-to-olm branch from 0f084f3 to f2799f1 Compare April 7, 2024 15:36
@Neon-White Neon-White merged commit 1afcd9c into noobaa:master Apr 8, 2024
@Neon-White Neon-White deleted the mova-ca-bundle-to-olm branch April 8, 2024 08:19
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
c3c69bb 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <belimele@redhat.com>
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
ff2b8de 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <belimele@redhat.com>
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
fbb0f0d 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <belimele@redhat.com>
@Neon-White Neon-White mentioned this pull request Oct 8, 2024
Merged
@shirady shirady mentioned this pull request Mar 24, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackyalbo jackyalbo jackyalbo left review comments

@dannyzaken dannyzaken dannyzaken approved these changes

@liranmauda liranmauda Awaiting requested review from liranmauda

Assignees

No one assigned

Labels

size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Neon-White @dannyzaken @jackyalbo