diff --git a/pkg/operator/certrotationcontroller/certrotationcontroller.go b/pkg/operator/certrotationcontroller/certrotationcontroller.go index 49da91393..490891fe7 100644 --- a/pkg/operator/certrotationcontroller/certrotationcontroller.go +++ b/pkg/operator/certrotationcontroller/certrotationcontroller.go @@ -154,8 +154,9 @@ func newCertRotationController( Name: "aggregator-client-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "Signer for the kube-apiserver to create client certificates for aggregated apiservers to recognize as a front-proxy", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -170,8 +171,9 @@ func newCertRotationController( Name: "kube-apiserver-aggregator-client-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "CA for aggregated apiservers to recognize kube-apiserver as front-proxy.", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.GlobalMachineSpecifiedConfigNamespace).Core().V1().ConfigMaps(), @@ -184,8 +186,9 @@ func newCertRotationController( Name: "aggregator-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]'", Description: "Client certificate used by the kube-apiserver to communicate to aggregated apiservers.", + TestName: "[sig-cli] oc adm new-project [apigroup:project.openshift.io][apigroup:authorization.openshift.io] [Suite:openshift/conformance/parallel]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -210,8 +213,9 @@ func newCertRotationController( Name: "kube-apiserver-to-kubelet-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for the kube-apiserver-to-kubelet-client so kubelets can recognize the kube-apiserver.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: devRotationExceptionYear, // this comes from the installer // Refresh set to 80% of the validity. @@ -228,8 +232,9 @@ func newCertRotationController( Name: "kube-apiserver-to-kubelet-client-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for the kubelet to recognize the kube-apiserver client certificate.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -242,8 +247,9 @@ func newCertRotationController( Name: "kubelet-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-apiserver to authenticate to the kubelet for requests like exec and logs.", + TestName: "[sig-cli] Kubectl logs logs should be able to retrieve and filter logs [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -271,7 +277,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via localhost.", // LocalhostServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -293,7 +300,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via localhost.", // LocalhostServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -306,8 +314,9 @@ func newCertRotationController( Name: "localhost-serving-cert-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via localhost.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -335,7 +344,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via the service network.", // ServiceNetworkServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -354,10 +364,11 @@ func newCertRotationController( Name: "service-network-serving-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - Description: "CA for recognizing the kube-apiserver when connecting via the service network (kuberentes.default.svc).", + Description: "CA for recognizing the kube-apiserver when connecting via the service network (kubernetes.default.svc).", // ServiceNetworkServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -370,8 +381,9 @@ func newCertRotationController( Name: "service-network-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the service network.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via service network endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -400,7 +412,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver operator to create serving certificates for the kube-apiserver via internal and external load balancers.", // ExternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -422,7 +435,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the internal or external load balancers.", // ExternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -435,8 +449,9 @@ func newCertRotationController( Name: "external-loadbalancer-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the external load balancer.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -465,7 +480,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver operator to create serving certificates for the kube-apiserver via internal and external load balancers.", // InternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // this comes from the installer // Refresh set to 80% of the validity. @@ -487,7 +503,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the internal or external load balancers.", // InternalLoadBalancerServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -500,8 +517,9 @@ func newCertRotationController( Name: "internal-loadbalancer-serving-certkey", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]'", Description: "Serving certificate used by the kube-apiserver to terminate requests via the internal load balancer.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] kube-apiserver should be accessible via api-int endpoint [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -530,7 +548,8 @@ func newCertRotationController( Description: "Signer used by the kube-apiserver to create serving certificates for the kube-apiserver via the service network.", // LocalhostRecoveryServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Validity: foreverPeriod, // this comes from the installer @@ -552,7 +571,8 @@ func newCertRotationController( Description: "CA for recognizing the kube-apiserver when connecting via the localhost recovery SNI ServerName.", // LocalhostRecoveryServing is not being tested directly, but this CA will be rotated when // other signers are updated and needs to have the same metadata set - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -567,7 +587,8 @@ func newCertRotationController( JiraComponent: "kube-apiserver", Description: "Serving certificate used by the kube-apiserver to terminate requests via the localhost recovery SNI ServerName.", // This test checks that kube-apiserver can be contacted via localhost-recovery kubeconfig - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: foreverPeriod, // Refresh set to 80% of the validity. @@ -596,8 +617,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -612,8 +634,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -626,8 +649,9 @@ func newCertRotationController( Name: "kube-controller-manager-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-controller-manager to authenticate to the kube-apiserver.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -652,8 +676,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -668,8 +693,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -682,8 +708,9 @@ func newCertRotationController( Name: "kube-scheduler-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Client certificate used by the kube-scheduler to authenticate to the kube-apiserver.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -708,8 +735,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -724,8 +752,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -738,7 +767,9 @@ func newCertRotationController( Name: "control-plane-node-admin-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"control-plane-node.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]'", + Description: "Client certificate and key for the control plane node kubeconfig", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"control-plane-node.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -763,8 +794,9 @@ func newCertRotationController( Name: "kube-control-plane-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "Signer for kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 2 * devRotationExceptionMonth, Refresh: devRotationExceptionMonth, @@ -779,8 +811,9 @@ func newCertRotationController( Name: "kube-control-plane-signer-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]'", Description: "CA for kube-apiserver to recognize the kube-controller-manager and kube-scheduler client certificates.", + TestName: "[sig-apps] Deployment RollingUpdateDeployment should delete old pods and create new ones [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -793,8 +826,9 @@ func newCertRotationController( Name: "check-endpoints-client-cert-key", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"check-endpoints.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]'", Description: "Client certificate used by the network connectivity checker of the kube-apiserver.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"check-endpoints.kubeconfig\" should be present in all kube-apiserver containers [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: monthPeriod, Refresh: monthPeriod / 2, @@ -819,8 +853,9 @@ func newCertRotationController( Name: "node-system-admin-signer", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Signer for the per-master-debugging-client.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, Validity: 3 * devRotationExceptionYear, // Refresh set to 80% of the validity. @@ -837,8 +872,9 @@ func newCertRotationController( Name: "node-system-admin-ca", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "CA for kube-apiserver to recognize local system:masters rendered to each master.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, RefreshOnlyWhenExpired: refreshOnlyWhenExpired, Informer: kubeInformersForNamespaces.InformersFor(operatorclient.OperatorNamespace).Core().V1().ConfigMaps(), @@ -851,8 +887,9 @@ func newCertRotationController( Name: "node-system-admin-client", AdditionalAnnotations: certrotation.AdditionalAnnotations{ JiraComponent: "kube-apiserver", - AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631,'[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]'", Description: "Client certificate (system:masters) placed on each master to allow communication to kube-apiserver for debugging.", + TestName: "[Conformance][sig-api-machinery][Feature:APIServer] local kubeconfig \"localhost-recovery.kubeconfig\" should be present on all masters and work [apigroup:config.openshift.io] [Suite:openshift/conformance/parallel/minimal]", + AutoRegenerateAfterOfflineExpiry: "https://github.com/openshift/cluster-kube-apiserver-operator/pull/1631", }, // This needs to live longer then control plane certs so there is high chance that if a cluster breaks // because of expired certs these are still valid to use for collecting data using localhost-recovery