knative
[WIP] Integrate net-certmanager in Serving
Fixes https://github.com/knative/serving/issues/14740
Proposed Changes
- Moves net-certmanager into Serving under pkg/net-certmanager. This brings certmanager deps.
- Testing for now until it is finalized.
- Migration path for users should be straightforward just remove the net-certmanager deployment before doing an upgrade (should not create downtime).
- TODO: enable the controller only when any of the conditions is true: system-internal-tls, cluster-local-domain-tls, external-domain-tls.
Release Note
TBD
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: skonto
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [skonto]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
![knative-prow[bot] avatar](https://avatars.githubusercontent.com/in/183726?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Attention: Patch coverage is 84.52381% with 78 lines in your changes are missing coverage. Please review.
Project coverage is 84.25%. Comparing base (
d8b4c5c) to head (e36c81b). Report is 2 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #14933 +/- ##
==========================================
+ Coverage 84.24% 84.25% +0.01%
==========================================
Files 213 220 +7
Lines 16633 17126 +493
==========================================
+ Hits 14012 14430 +418
- Misses 2277 2335 +58
- Partials 344 361 +17
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
upgrade tests failure:
Error: error creating the clusters: error creating clusters: error creating cluster: exit status 1, output: "Default change: VPC-native is the default mode during cluster creation for versions greater than 1.21.0-gke.1500. To create advanced routes based clusters, please pass the
--no-enable-ip-aliasflag\nDefault change: During creation of nodepools or autoscaling configuration changes for cluster versions greater than 1.24.1-gke.800 a default location policy is applied. For Spot and PVM it defaults to ANY, and for all other VM kinds a BALANCED policy is used. To change the default values use the--location-policyflag.\nNote: Your Pod address range (--cluster-ipv4-cidr) can accommodate at most 1008 node(s).\nCreating cluster kt2-a64df9e1-c28f-4b6d-a1f0-c810b2a9d-1 in us-central
https_serving_main have been failing for quite some time now: https://prow.knative.dev/?job=https_serving_main_periodic. Usually it is TestAutoscaleSustaining/aggregation-linear the test to blame as it is for the run here. The related to this PR tls tests, do pass though.
One issue I see is the injection dep on cert manager resources due to how knative/pkg registers informer stuff. I am working on it.
@skonto: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| https_serving_main | e36c81bc087b305d75b9df9f7051da02e19f57b4 | link | false | /test https |
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
PR needs rebase.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
