Skip to content

[release-4.19] OCPBUGS-60682: Optimistically update Kube Server and Client CA bundles #872

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

[release-4.19] OCPBUGS-60682: Optimistically update Kube Server and Client CA bundles #872

wants to merge 3 commits into from

Conversation

sanchezl
Copy link
Contributor

@sanchezl sanchezl commented Sep 12, 2025
edited
Loading

This is a manual cherry-pick of #854

sanchezl and others added 3 commits September 12, 2025 10:12
@sanchezl
proof: library-go
4a80f35
@vrutkovs @sanchezl
targetconfigcontroller: optimistically update CA bundles
9dc8927 
Instead of re-creating configmap from scratch every time this function should attempt to use
existing configmap and replace the contents only. This would prevent extra configmap updates when
metadata changes.
@vrutkovs @sanchezl
certrotationcontroller: set RefreshOnlyWhenExpired for CA bundle
3885c1f 
This prevents CA bundle from being updated by sidecar running in RefreshOnlyWhenExpired=true mode
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 12, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sanchezl
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sanchezl
Copy link
Contributor Author

/cherry-pick release-4.19 OCPBUGS-60682

@openshift-cherrypick-robot
Copy link

@sanchezl: I cannot cherry-pick the present PR on top of its base branch (release-4.19).

In response to this:

/cherry-pick release-4.19 OCPBUGS-60682

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sanchezl
Copy link
Contributor Author

/jira cherry-pick OCPBUGS-55217

@openshift-ci-robot
Copy link

@sanchezl: Detected clone of Jira Issue OCPBUGS-55217 with correct target version. Will retitle the PR to link to the clone.
/retitle OCPBUGS-60682: cherry pick 854 to release 4.19

In response to this:

/jira cherry-pick OCPBUGS-55217

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot changed the title cherry pick 854 to release 4.19 OCPBUGS-60682: cherry pick 854 to release 4.19 Sep 12, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 12, 2025
@openshift-ci-robot
Copy link

@sanchezl: This pull request references Jira Issue OCPBUGS-60682, which is invalid:

  • expected dependent Jira Issue OCPBUGS-60473 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is Closed (Duplicate) instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

  • proof: library-go
  • targetconfigcontroller: optimistically update CA bundles
  • certrotationcontroller: set RefreshOnlyWhenExpired for CA bundle

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Sep 12, 2025
@sanchezl
Copy link
Contributor Author

/retest

@sanchezl sanchezl changed the title OCPBUGS-60682: cherry pick 854 to release 4.19 OCPBUGS-60682: Optimistically update Kube Server and Client CA bundles Sep 12, 2025
@sanchezl sanchezl changed the title OCPBUGS-60682: Optimistically update Kube Server and Client CA bundles [release-4.19] OCPBUGS-60682: Optimistically update Kube Server and Client CA bundles Sep 12, 2025
@sanchezl
Copy link
Contributor Author

/hold for openshift/library-go#2013

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 12, 2025
@sanchezl sanchezl mentioned this pull request Sep 12, 2025
Closed
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 12, 2025

@sanchezl: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn 3885c1f link false /test okd-scos-e2e-aws-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci-robot openshift-ci-robot mentioned this pull request Sep 15, 2025
Merged
@vrutkovs
Copy link
Member

We don't really need that now - only in case 4.19 cert metadata needs updates
/close

@openshift-ci openshift-ci bot closed this Sep 18, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Sep 18, 2025

@vrutkovs: Closed this PR.

In response to this:

We don't really need that now - only in case 4.19 cert metadata needs updates
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@atiratree atiratree Awaiting requested review from atiratree

@ingvagabund ingvagabund Awaiting requested review from ingvagabund

Assignees

No one assigned

Labels

do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sanchezl @openshift-cherrypick-robot @openshift-ci-robot @vrutkovs