eventing icon indicating copy to clipboard operation
eventing copied to clipboard

Published 20 hours ago verified publisher icon knative

Remove SelfSigned issuer from released `transport-encryption` artifacts

Open pierDipi opened this issue 1 year ago • 5 comments

Using a SelfSigned issuer is not recommended by cert-manager and currently we're shipping it in the tranport-encryption feature artifact.

Moving forward, we will not ship a SelfSigned issuer in the eventing-tls-networking.yaml artifacts and we will document, as a prerequisite, how to create a ClusterIssuer for eventing components so that by users can bring their own choosen issuer [1].

[1] https://cert-manager.io/docs/concepts/issuer/

Fixes #

Proposed Changes

  • Remove SelfSigned issuer from released transport-encryption artifacts
  • Add SelfSigned to the test configuration

Pre-review Checklist

  • [ ] At least 80% unit test coverage
  • [ ] E2E tests for any new behavior
  • [ ] Docs PR for any user-facing impact
  • [ ] Spec PR for any new API feature
  • [ ] Conformance test for any change to the spec

Release Note

Remove `SelfSigned` issuer from released `transport-encryption` artifacts.
To continue using the `transport-encryption` feature, Eventing components require a pre-created `ClusterIssuer` with name `knative-eventing-ca-issuer`. For more details, refer to the `transport-encryption` feature documentation.

Docs

pierDipi avatar May 08 '24 10:05 pierDipi

/cc @creydr @ReToCode

pierDipi avatar May 08 '24 10:05 pierDipi

@pierDipi can you fix the boilerplate issue?

creydr avatar May 08 '24 10:05 creydr

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 69.13%. Comparing base (7e1c082) to head (0cbefa3). Report is 36 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7905      +/-   ##
==========================================
- Coverage   69.22%   69.13%   -0.09%     
==========================================
  Files         339      341       +2     
  Lines       19494    15829    -3665     
==========================================
- Hits        13494    10943    -2551     
+ Misses       5337     4213    -1124     
- Partials      663      673      +10

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

codecov[bot] avatar May 08 '24 10:05 codecov[bot]

@creydr I've just copied this file from another placeholder, so I think it's ok to ignore the error there

pierDipi avatar May 08 '24 12:05 pierDipi

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: creydr, pierDipi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

knative-prow[bot] avatar May 10 '24 06:05 knative-prow[bot]