
Remove Secret from ClusterCa generate cert methods #10915

Merged
merged 2 commits into from
Dec 9, 2024

Contributor

@katheris katheris commented Dec 5, 2024

Type of change

  • Refactoring

Description

Remove use of Secret object from ClusterCa generate certificate methods.
To support per-broker Secrets for certificates we need to separate the handling of the certificates from storing them in the Secret.

Support issue #7687

Checklist

Please go through this checklist and make sure all applicable tasks have been done

  • Write tests
  • Make sure all tests pass
  • Update documentation
  • Check RBAC rights for Kubernetes / OpenShift roles
  • Try your changes from Pod inside your Kubernetes and OpenShift cluster, not just locally
  • Reference relevant issue(s) and close them after merging
  • Update CHANGELOG.md
  • Supply screenshots for visual changes, such as Grafana dashboards

@katheris katheris added this to the 0.46.0 milestone Dec 5, 2024
@katheris katheris force-pushed the betterSeparationInCa branch from 330c87c to 93fa54c Compare December 5, 2024 14:23
Member

scholzj commented Dec 5, 2024

/azp run regression

Azure Pipelines successfully started running 1 pipeline(s).

Member

@scholzj scholzj left a comment

One nit. But it seems to be good otherwise. Thanks.

Map<String, CertAndKey> existingCertificates,
Set<NodeRef> nodes,
boolean isMaintenanceTimeWindowsSatisfied,
boolean forceRenew
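
Review bot: The last two parameters in this list, `isMaintenanceTimeWindowsSatisfied` and `forceRenew`, are both plain `boolean` values sitting next to each other, so a call site that passes them in the wrong order still compiles. Consider documenting each one in the method's Javadoc and naming the second after the condition it actually carries, so a transposed or mismatched argument is easier to spot in review.
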
Member

Here - as well as in the other methods below - you call it forceRenew. But you pass into it the value hasCaCertGenerationChanged. Given force-renew is an annotation for force certificate renewal, I think we should rename this to better correspond to what it indicates here? E.g. caCertGenerationChanged?

Contributor Author

Yeah I see your point, I've renamed it

@scholzj scholzj requested a review from ppatierno December 6, 2024 16:13
Signed-off-by: Katherine Stanley <[email protected]>
Member

@scholzj scholzj left a comment

Thanks @katheris

Member

@ppatierno ppatierno left a comment

LGTM. Thanks!

@scholzj scholzj merged commit c72ec9c into strimzi:main Dec 9, 2024
13 checks passed
@katheris katheris deleted the betterSeparationInCa branch March 12, 2025 16:34