Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modify the handling of injected OCP CA bundles #1328

Merged
merged 8 commits into from
Apr 8, 2024
Merged

Modify the handling of injected OCP CA bundles #1328

merged 8 commits into from
Apr 8, 2024

Conversation

Neon-White
Copy link
Contributor

@Neon-White Neon-White commented Mar 27, 2024
edited
Loading

Explain the changes

  1. Create the CA bundle injection configmap in the OLM stage so the operator can require it to start up, thus preventing a race condition
  2. Change the CA bundle mountPath to not override system certs
  3. Revert the Azure cert bundle injection (unneeded since the system certs aren't overridden anymore)
  4. Change the OCP injected CA bundle configmap name
  5. Change AddToRootCAs to append to the system pool instead of a new one
  6. Remove the configmap creation logic from the operator since it's now being done by the OLM

Issues: Fixed #xxx / Gap #xxx

  1. https://bugzilla.redhat.com/show_bug.cgi?id=2271580

Testing Instructions:

  1. Deploy NooBaa as part of ODF (preferably once over AWS, GCP, Azure)
  2. Verify the system reaches a healthy status and finishes to install
  3. Verify that the system can also use RGW backingstores
  • Doc added/updated
  • Tests added

@Neon-White Neon-White marked this pull request as draft March 28, 2024 13:31
@pull-request-size pull-request-size bot added size/M and removed size/XS labels Apr 2, 2024
@Neon-White Neon-White marked this pull request as ready for review April 2, 2024 10:26
@Neon-White Neon-White changed the title Add the CA-bundle injection configmap to the NooBaa package Modify the handling of injected OCP CA bundles Apr 2, 2024
@Neon-White Neon-White force-pushed the mova-ca-bundle-to-olm branch 2 times, most recently from 3f515c0 to 0f084f3 Compare April 4, 2024 21:39
@Neon-White
Add the CA-bundle injection configmap to the NooBaa package
9fca227 
Signed-off-by: Ben <[email protected]>
@Neon-White
Test
d3936be 
Signed-off-by: Ben <[email protected]>
@Neon-White
- Revert Azure cert bundle injection
3128793 
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one

Signed-off-by: Ben <[email protected]>
@Neon-White
Remove redundant newline
d8b30e9 
Signed-off-by: Ben <[email protected]>
@Neon-White
Add missing subPath
3da130f 
Signed-off-by: Ben <[email protected]>
@Neon-White
Fix optional indentation
20cf538 
Signed-off-by: Ben <[email protected]>
@Neon-White
- Remove injectable configmap creation
5e44ff0 
- Generate `deploy.go`
- Fix old bundle path references

Signed-off-by: Ben <[email protected]>
@Neon-White
Omit subPath usage since it doesn't update the file when the ConfigMa…
f2799f1 
…p changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically
Signed-off-by: Ben <[email protected]>
@Neon-White Neon-White merged commit 1afcd9c into noobaa:master Apr 8, 2024
14 checks passed
@Neon-White Neon-White deleted the mova-ca-bundle-to-olm branch April 8, 2024 08:19
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
c3c69bb 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <[email protected]>
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
ff2b8de 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <[email protected]>
Neon-White added a commit to Neon-White/noobaa-operator that referenced this pull request Oct 8, 2024
@Neon-White
Modify the handling of injected OCP CA bundles (noobaa#1328)
fbb0f0d 
* Add the CA-bundle injection configmap to the NooBaa package
- Revert Azure cert bundle injection
- Change the OCP injected CA bundle configmap name
- Change the CA bundle mountPath to not override system certs
- Change `AddToRootCAs` to append to the system pool instead of a new one
* Remove redundant newline
* Add missing `subPath`
* Fix `optional` indentation
* - Remove injectable configmap creation
- Generate `deploy.go`
- Fix old bundle path references
* Omit subPath usage since it doesn't update the file when the ConfigMap changes

https: //kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#mounted-configmaps-are-updated-automatically

Signed-off-by: Ben <[email protected]>
@Neon-White Neon-White mentioned this pull request Oct 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackyalbo jackyalbo jackyalbo left review comments

@dannyzaken dannyzaken dannyzaken approved these changes

@liranmauda liranmauda Awaiting requested review from liranmauda

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Neon-White @dannyzaken @jackyalbo