Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update the TLS termination of the default instance from passthrough to rencrypt #703

Merged
merged 8 commits into from
May 24, 2024
Merged

Update the TLS termination of the default instance from passthrough to rencrypt #703

merged 8 commits into from
May 24, 2024

Conversation

chetan-rns
Copy link
Member

@chetan-rns chetan-rns commented May 14, 2024
edited
Loading

What type of PR is this?

/kind enhancement

What does this PR do / why we need it:

Have you updated the necessary documentation?

  • Documentation update is required by this PR.
  • Documentation has been updated.

Which issue(s) this PR fixes:

Fixes https://issues.redhat.com/browse/GITOPS-4674

Test acceptance criteria:

  • Unit Test
  • E2E Test

How to test changes / Special notes to the reviewer:

  1. Install/Run the operator
  2. Verify that the Argo CD server route is created with reencrypt termination policy
  3. Open the route link in the browser and inspect the certificate. It should be from the ingress operator.

@openshift-ci openshift-ci bot requested review from ciiay and trdoyle81 May 14, 2024 11:48
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 14, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from chetan-rns. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@chetan-rns chetan-rns force-pushed the update-tls-termination branch 3 times, most recently from 6c96f41 to 02442bf Compare May 15, 2024 06:00
@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

2 similar comments
@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

1 similar comment
@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

3 similar comments
@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Copy link
Member Author

/retest

1 similar comment
@chetan-rns
Copy link
Member Author

/retest

@chetan-rns
Update TLS termination from passthrough to reencrypt
d222059 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
add e2e tests to verify the default route
6d55763 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
update the default TLS config in the argocd operator
a5573f4 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
revert the edge termination policy to Redirect
1683a6d 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
Fix e2e tests validate_default_argocd_route
51b5fef 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
Run e2e test in parallel
24206b5 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
update argocd-operator to bring in TLS config changes
069b9b8 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@chetan-rns
Copy link
Member Author

/retest

@jgwest jgwest changed the title Update the TLS termination of the default instance from passthrough to renerypt Update the TLS termination of the default instance from passthrough to rencrypt May 23, 2024
@chetan-rns
Add missing permissions to list networkpolicies
4ae3309 
Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
@jgwest
Copy link
Collaborator

jgwest commented May 23, 2024 

        --- FAIL: kuttl/harness/1-066_validate_redis_secure_comm_no_autotls_no_ha (68.17s)

/retest

@jgwest
Copy link
Collaborator

jgwest commented May 24, 2024 

        --- FAIL: kuttl/harness/1-052_validate_rolebinding_number (10.88s)
        --- FAIL: kuttl/harness/1-066_validate_redis_secure_comm_no_autotls_no_ha (91.11s)

/retest

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented May 24, 2024

@chetan-rns: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/v4.14-kuttl-parallel 4ae3309 link true /test v4.14-kuttl-parallel
ci/prow/v4.13-kuttl-parallel 4ae3309 link true /test v4.13-kuttl-parallel
ci/prow/v4.12-kuttl-parallel 4ae3309 link true /test v4.12-kuttl-parallel

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

jgwest
jgwest approved these changes May 24, 2024
View reviewed changes
Copy link
Collaborator

@jgwest jgwest left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I am merging even those this is still failing:

        --- FAIL: kuttl/harness/1-066_validate_redis_secure_comm_no_autotls_no_ha (100.70s)

This will allow other teams to test their fixes, while waiting for the redis test to be updated.

@jgwest jgwest merged commit 6d06274 into redhat-developer:master May 24, 2024
14 of 18 checks passed
trdoyle81 pushed a commit to trdoyle81/gitops-operator that referenced this pull request Aug 13, 2024
@chetan-rns
Update the TLS termination of the default instance from passthrough t…
38868f8 
…o rencrypt (redhat-developer#703)

* Update TLS termination from passthrough to reencrypt

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* add e2e tests to verify the default route

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* update the default TLS config in the argocd operator

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* revert the edge termination policy to Redirect

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Fix e2e tests validate_default_argocd_route

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Run e2e test in parallel

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* update argocd-operator to bring in TLS config changes

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

* Add missing permissions to list networkpolicies

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>

---------

Signed-off-by: Chetan Banavikalmutt <chetanrns1997@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jgwest jgwest jgwest approved these changes

@ciiay ciiay Awaiting requested review from ciiay

@trdoyle81 trdoyle81 Awaiting requested review from trdoyle81

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chetan-rns @jgwest @openshift-merge-robot