Promote serving cert annotations to GA #16225
Rename in place.
Migrates service serving cert annotations to their new names. Can be run pre or post migration.
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: smarterclayton. The full list of commands accepted by this bot can be found here. Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
4f3d3f6 to
0059467
|
@smarterclayton: The following tests failed, say
|
I'd really like to try to sort out a flex volume plugin or something to mount the CA bundle before committing to GA |
|
Why is that a prereq? You're worried that the annotations on the backend
will change?
On Sep 8, 2017, at 7:56 AM, David Eads <notifications@github.com> wrote:
I'd really like to try to sort out a flex volume plugin or something to
mount the CA bundle before committing to GA
|
|
Re: GA we are dependent on these annotations for improving components.
What sorts of discoveries would we make with flex volume that would cause
us to change the implementation here?
On Sep 8, 2017, at 7:56 AM, David Eads <notifications@github.com> wrote:
I'd really like to try to sort out a flex volume plugin or something to
mount the CA bundle before committing to GA
|
Just that there are two halves to promoting this. The "make my secret" half and the "how do I trust you" half. It seems like we should promote as a pair with a release or so of cut-over time. |
|
@openshift/sig-security |
| default: | ||
| return nil, nil // indicate that we ignored the object | ||
| } | ||
| return migrate.NotChanged, nil |
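Review bot: the trailing `return migrate.NotChanged, nil` after the switch looks unreachable, because the `default` branch already returns `nil, nil`; if every other case also returns, nothing falls through to this line. Either drop the final return, or have the branches that leave the object untouched break out of the switch so that this line is the single place reporting `migrate.NotChanged`. The two results also mean different things to the caller (ignored versus visited but unchanged), so a short comment on which cases produce which would help.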
Can you even reach this line?
| return cmd | ||
| } | ||
|
|
||
| func NewCommandMigrateAlpha(name, fullName string, f *clientcmd.Factory, out, errOut io.Writer, cmds ...*cobra.Command) *cobra.Command { |
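Review bot: the exported constructor `NewCommandMigrateAlpha` is introduced with no doc comment above its `func` line. Add a `// NewCommandMigrateAlpha ...` comment stating what the command migrates and that it can be run pre or post migration, as the PR description says, since the name alone does not tell a caller which alpha data it touches.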
I feel like we are starting to abuse the migrations we do via ansible.
Why?
This wouldn't be for ansible. This is a convenience for someone who wants to move alpha annotations forward without having to write the script themselves.
I think piggy-backing on the service account token secret was a mistake we should rectify before exiting alpha. |
|
@smarterclayton PR needs rebase |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
No transition in the controller. Instead, implement
which copies the annotations to their canonical name. Can be run pre or post migration. Avoids complex logic in the controller.
@deads2k @enj @liggitt