New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make CSR cleaner tolerate objects with invalid status.certificate #103823
Conversation
/triage accepted |
cb2d4ee
to
236e72c
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enj, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest Review the full test history for this PR. Silence the bot with an |
/retest Review the full test history for this PR. Silence the bot with an |
I expected it to be in 1.22, yes (and planned to backport for 1.20 and 1.21 as well) |
opened picks to 1.20 - 1.22 |
…823-upstream-release-1.22 Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
…823-upstream-release-1.21 Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
…823-upstream-release-1.20 Automated cherry pick of #103823: Make CSR cleaner tolerate objects with invalid
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
In v1beta1, status.certificate was not validated. Currently, a status.certificate value that cannot be parsed (in order to check if the issued certificate is expired) causes the CSR cleaner controller to skip/retry cleanup indefinitely on the invalid object.
This PR puts the expired check at the end, after the time-based checks, and does not requeue a CSR for processing for an invalid status.certificate value (since that value will not change, retry is pointless).
/sig auth
/cc @enj