Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make CSR cleaner tolerate objects with invalid status.certificate #103823

Merged
merged 1 commit into from Jul 21, 2021
Merged

Make CSR cleaner tolerate objects with invalid status.certificate #103823

merged 1 commit into from Jul 21, 2021

Conversation

liggitt
Copy link
Member

@liggitt liggitt commented Jul 21, 2021
edited

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

In v1beta1, status.certificate was not validated. Currently, a status.certificate value that cannot be parsed (in order to check if the issued certificate is expired) causes the CSR cleaner controller to skip/retry cleanup indefinitely on the invalid object.

This PR puts the expired check at the end, after the time-based checks, and does not requeue a CSR for processing for an invalid status.certificate value (since that value will not change, retry is pointless).

Fixes an issue cleaning up CertificateSigningRequest objects with an unparseable `status.certificate` field

/sig auth
/cc @enj

@k8s-ci-robot k8s-ci-robot requested a review from enj July 21, 2021 14:24
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. sig/auth Categorizes an issue or PR as relevant to SIG Auth. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. sig/apps Categorizes an issue or PR as relevant to SIG Apps. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Jul 21, 2021
@enj
Copy link
Member

enj commented Jul 21, 2021

/triage accepted
/priority important-soon
/milestone v1.22

@k8s-ci-robot k8s-ci-robot added the triage/accepted Indicates an issue or PR is ready to be actively worked on. label Jul 21, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jul 21, 2021
@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Jul 21, 2021
@enj
Copy link
Member

enj commented Jul 21, 2021

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 21, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: enj, liggitt

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@enj enj added this to Needs Triage in SIG Auth Old Jul 21, 2021
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit 1a9ae34 into kubernetes:master Jul 21, 2021
SIG Auth Old automation moved this from Needs Triage to Closed / Done Jul 21, 2021
@liggitt liggitt deleted the csr-cleaner-error branch July 26, 2021 13:30
@saschagrunert
Copy link
Member

@liggitt @dims do we need to cherry-pick this PR into release-1.22?

@liggitt
Copy link
Member Author

liggitt commented Jul 26, 2021

I expected it to be in 1.22, yes (and planned to backport for 1.20 and 1.21 as well)

This was referenced Jul 27, 2021
Merged
Merged
Merged
@liggitt
Copy link
Member Author

liggitt commented Jul 27, 2021

opened picks to 1.20 - 1.22

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Jul 27, 2021
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2021
@k8s-ci-robot
Merge pull request #103947 from liggitt/automated-cherry-pick-of-#103…
c02244d 
…823-upstream-release-1.22

Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2021
@k8s-ci-robot
Merge pull request #103948 from liggitt/automated-cherry-pick-of-#103…
fc0ffa5 
…823-upstream-release-1.21

Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
k8s-ci-robot added a commit that referenced this pull request Jul 28, 2021
@k8s-ci-robot
Merge pull request #103949 from liggitt/automated-cherry-pick-of-#103…
b3957d3 
…823-upstream-release-1.20

Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enj enj enj approved these changes

Assignees

@enj enj

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Auth
Archived in project
SIG Auth Old
Closed / Done
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@liggitt @enj @k8s-ci-robot @fejta-bot @saschagrunert