New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Certificate Hash #6155
base: master
Are you sure you want to change the base?
Add Certificate Hash #6155
Conversation
Skipping CI for Draft Pull Request. |
144f415
to
9f10806
Compare
9f10806
to
4bba729
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
e5874ac
to
94d574b
Compare
94d574b
to
8a18dad
Compare
96731c7
to
4ebe40a
Compare
adacc72
to
b7ceda9
Compare
6f2f221
to
7bc54a7
Compare
7bc54a7
to
eda4b43
Compare
00a0b68
to
dc51ab4
Compare
dc51ab4
to
9add564
Compare
/ok-to-test |
@inteon: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
9add564
to
28fed1f
Compare
Will this address the case where the keystore password secret has changed and thus the keychain needs to be regenerated with the new secret, e.g. apiVersion: cert-manager.io/v1
kind: Certificate
...
spec:
...
keystores:
jks:
create: true
passwordSecretRef:
name: some-other-secret-name
key: "jks-password" # <- i.e. if the value of this key in the `some-other-secret-name` secret has changed Note: obviously if I change the certificate's |
The issue you are describing will not be fixed by this PR. This PR is trying to improve the ReadinessPolicyChain and TriggerPolicyChain. |
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Replace all current matching logic with a simple Certificate Hash that can be used to detect if the Certificate resource changed after the Secret was created/ updated.
The main goal of this PR is to be able to determine if a Secret is up-to-date for the specified Certificate resource without requiring CertificateRequest resources to exist. In the long term, this logic will replace existing matching logic and simplify the change detection mechanisms.
Kind
/kind feature
Release Note