AgentBaker icon indicating copy to clipboard operation
AgentBaker copied to clipboard
verified publisher icon Azure

cleanup: remove apiserver cert in favor of cluster CA

Open cameronmeissner opened this issue 1 year ago • 2 comments

What type of PR is this?

What this PR does / why we need it:

remove usage of the apiserver certificate sent from RP via: https://github.com/Azure/AgentBaker/blob/2350ccdc147ee245e08129d2074b8c0e2a57990a/pkg/agent/datamodel/types.go#L461-L462

in favor of always using the cluster CA cert instead, since the cert used by the apiserver should always be signed by the cluster CA cert

Which issue(s) this PR fixes:

Fixes #

Requirements:

Special notes for your reviewer:

Release note:

none

cameronmeissner avatar Aug 28 '24 16:08 cameronmeissner

Pull Request Test Coverage Report for Build 10618290919

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-0.008%) to 71.401%
Totals Coverage Status
Change from base Build 10617572034: -0.008%
Covered Lines: 2619
Relevant Lines: 3668
💛 - Coveralls

coveralls avatar Aug 28 '24 16:08 coveralls

I think this works, the only risk is if there's any customer relying on this particular cert/key being on-disk

also still need to get 100% green e2e's (mainly green baring windows failures, which seem to be flakes)

cameronmeissner avatar Sep 11 '24 04:09 cameronmeissner