Rename root-certificate to brupop-selfsigned-ca #595
Conversation
|
Thanks @alekhrycaiko for cutting this PR! I'm just getting up to speed on this issue so I'll need to look at this a bit more to confirm it will work. I'll dig in and get back to you! Sorry for the delay in response! |
| # Source: bottlerocket-update-operator/templates/controller-priority-class.yaml | ||
| apiVersion: scheduling.k8s.io/v1 | ||
| kind: PriorityClass | ||
| metadata: | ||
| name: brupop-controller-high-priority | ||
| namespace: brupop-bottlerocket-aws | ||
| preemptionPolicy: Never | ||
| value: 1000000 | ||
| --- |
There was a problem hiding this comment.
When running make manifest this ends up at the end rather than here. We might just move this to the end of the file to avoid it creating a dirty tree when running it, functionally it works the same.
| @@ -0,0 +1,193 @@ | |||
| --- | |||
There was a problem hiding this comment.
Was this file autogenerated? I'm not sure where it came from?
| @@ -39,7 +39,7 @@ pub const PUBLIC_KEY_NAME: &str = "tls.crt"; | |||
| pub const PRIVATE_KEY_NAME: &str = "tls.key"; | |||
| pub const TLS_KEY_MOUNT_PATH: &str = "/etc/brupop-tls-keys"; | |||
| // Certificate object name | |||
| pub const ROOT_CERTIFICATE_NAME: &str = "root-certificate"; | |||
| pub const ROOT_CERTIFICATE_NAME: &str = "brupop-selfsigned-ca"; | |||
There was a problem hiding this comment.
I think this is probably safe but I'm digging into how we use cert-manager under the hood to ensure we aren't going to break something else down the line. Do you happen to have links to what led you to this change?
There was a problem hiding this comment.
I do not unfortunately. I can just attest from what Jack mentions here that this resolved an issue on our end.
There was a problem hiding this comment.
Since it might help you: I just fixed this bug and set the value to cert-manager.io/inject-ca-from: brupop-bottlerocket-aws/brupop-apiserver-certificate in the CRD
Issue number:
#486
Description of changes:
This attempts to address #486.
Changes root certificate referenced based on current findings of the issue.
Testing done:
Ran test suite.
Our own cluster already relies on
brupop-selfsigned-ca. But I have not ran this specific PR against the cluster and could use an additional verification/eye there.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.