diff --git a/pkg/operator/certrotationcontroller/certrotationcontroller.go b/pkg/operator/certrotationcontroller/certrotationcontroller.go index 45dd979ad..c01f5197c 100644 --- a/pkg/operator/certrotationcontroller/certrotationcontroller.go +++ b/pkg/operator/certrotationcontroller/certrotationcontroller.go @@ -157,8 +157,9 @@ func newCertRotationController( Name: "aggregator-client-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "Signer for the kube-apiserver to create client certificates for aggregated apiservers to recognize as a front-proxy", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -173,8 +174,9 @@ func newCertRotationController( Name: "kube-apiserver-aggregator-client-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "CA for aggregated apiservers to recognize kube-apiserver as front-proxy.", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.GlobalMachineSpecifiedConfigNamespace).Core().V1().ConfigMaps(), @@ -187,8 +189,9 @@ func newCertRotationController( Name: "aggregator-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "Client certificate used by the kube-apiserver to communicate to aggregated apiservers.", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -213,8 +216,9 @@ func newCertRotationController( Name: "kube-apiserver-to-kubelet-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for the kube-apiserver-to-kubelet-client so kubelets can recognize the kube-apiserver.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: devRotationExceptionYear, // this comes from the installer // Refresh set to 80% of the validity. @@ -231,8 +235,9 @@ func newCertRotationController( Name: "kube-apiserver-to-kubelet-client-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for the kubelet to recognize the kube-apiserver client certificate.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -245,8 +250,9 @@ func newCertRotationController( Name: "kubelet-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-apiserver to authenticate to the kubelet for requests like exec and logs.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -274,7 +280,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via localhost.", // LocalhostServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -296,7 +303,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via localhost.", // LocalhostServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -309,8 +317,9 @@ func newCertRotationController( Name: "localhost-serving-cert-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via localhost.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -338,7 +347,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via the service network.", // ServiceNetworkServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -357,10 +367,11 @@ func newCertRotationController( Name: "service-network-serving-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - Description: "CA for recognizing the kube-apiserver when connecting via the service network (kuberentes.default.svc).", + Description: "CA for recognizing the kube-apiserver when connecting via the service network (kubernetes.default.svc).", // ServiceNetworkServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -373,8 +384,9 @@ func newCertRotationController( Name: "service-network-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the service network.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -403,7 +415,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver operator to create serving certificates for the kube-apiserver via internal and external load balancers.", // ExternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -425,7 +438,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the internal or external load balancers.", // ExternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -438,8 +452,9 @@ func newCertRotationController( Name: "external-loadbalancer-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the external load balancer.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -468,7 +483,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver operator to create serving certificates for the kube-apiserver via internal and external load balancers.", // InternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -490,7 +506,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the internal or external load balancers.", // InternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -503,8 +520,9 @@ func newCertRotationController( Name: "internal-loadbalancer-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the internal load balancer.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -533,7 +551,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via the service network.", // LocalhostRecoveryServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Validity: foreverPeriod, // this comes from the installer @@ -555,7 +574,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the localhost recovery SNI ServerName.", // LocalhostRecoveryServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -570,7 +590,8 @@ func newCertRotationController( JiraComponent: "kube-apiserver", Description: "Serving certificate used by the kube-apiserver to terminate requests via the localhost recovery SNI ServerName.", // This test checks that kube-apiserver can be contacted via localhost-recovery kubeconfig - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // Refresh set to 80% of the validity. @@ -599,8 +620,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -615,8 +637,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -629,8 +652,9 @@ func newCertRotationController( Name: "kube-controller-manager-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-controller-manager to authenticate to the kube-apiserver.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -655,8 +679,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -671,8 +696,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -685,8 +711,9 @@ func newCertRotationController( Name: "kube-scheduler-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-scheduler to authenticate to the kube-apiserver.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -711,8 +738,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -727,8 +755,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -741,7 +770,9 @@ func newCertRotationController( Name: "control-plane-node-admin-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"control-plane-node.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]'", + Description: "Client certificate and key for the control plane node kubeconfig", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"control-plane-node.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -766,8 +797,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -782,8 +814,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -796,8 +829,9 @@ func newCertRotationController( Name: "check-endpoints-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"check-endpoints.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]'", Description: "Client certificate used by the network connectivity checker of the kube-apiserver.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"check-endpoints.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -822,8 +856,9 @@ func newCertRotationController( Name: "node-system-admin-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Signer for the per-master-debugging-client.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 3 * devRotationExceptionYear, // Refresh set to 80% of the validity. @@ -840,8 +875,9 @@ func newCertRotationController( Name: "node-system-admin-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "CA for kube-apiserver to recognize local system:masters rendered to each master.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -854,8 +890,9 @@ func newCertRotationController( Name: "node-system-admin-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Client certificate (system:masters) placed on each master to allow communication to kube-apiserver for debugging.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, // This needs to live longer then control plane certs so there is high chance that if a cluster breaks // because of expired certs these are still valid to use for collecting data using localhost-recovery