Re-generate test/config/tls/cert-secret.yaml #14324
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
knative-prow
bot
added
approved
knative-prow
bot
added
the
area/test-and-release
Codecov ReportPatch coverage has no change and project coverage change:
Additional details and impacted files@@ Coverage Diff @@
## main #14324 +/- ##
==========================================
+ Coverage 86.04% 86.06% +0.02%
==========================================
Files 196 196
Lines 14781 14781
==========================================
+ Hits 12718 12721 +3
+ Misses 1754 1753 -1
+ Partials 309 307 -2 ☔ View full report in Codecov by Sentry. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nak3, ReToCode The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
nak3
added a commit
to nak3/serving
that referenced
this pull request
Sep 4, 2023
openshift-merge-robot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Sep 4, 2023
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/knative-serving
that referenced
this pull request
Sep 4, 2023
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/knative-serving
that referenced
this pull request
Sep 4, 2023
openshift-cherrypick-robot
pushed a commit
to openshift-cherrypick-robot/knative-serving
that referenced
this pull request
Sep 4, 2023
openshift-merge-robot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Sep 4, 2023
Co-authored-by: Kenjiro Nakayama <[email protected]>
openshift-merge-robot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Sep 4, 2023
Co-authored-by: Kenjiro Nakayama <[email protected]>
openshift-merge-robot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Sep 5, 2023
Co-authored-by: Kenjiro Nakayama <[email protected]>
nak3
added a commit
to nak3/serving
that referenced
this pull request
Oct 12, 2023
nak3
added a commit
to nak3/serving
that referenced
this pull request
Oct 12, 2023
knative-prow bot
pushed a commit
that referenced
this pull request
Oct 12, 2023
* [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/update-codegen.sh --upgrade --release 1.11
knative-prow bot
pushed a commit
that referenced
this pull request
Oct 12, 2023
* [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/upgrade
openshift-ci bot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Oct 12, 2023
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <[email protected]> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <[email protected]> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <[email protected]> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Dave Protasowski <[email protected]> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Update secure-pod-defaults patch * Use a static value for S-O branch --------- Co-authored-by: Knative Prow Robot <[email protected]> Co-authored-by: dprotaso <[email protected]> Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Kenjiro Nakayama <[email protected]>
openshift-ci bot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Oct 16, 2023
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <[email protected]> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Update secure-pod-defaults patch --------- Co-authored-by: Knative Prow Robot <[email protected]> Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Kenjiro Nakayama <[email protected]>
openshift-ci bot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Oct 20, 2023
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <[email protected]> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <[email protected]> --------- Co-authored-by: Knative Prow Robot <[email protected]> Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Kenjiro Nakayama <[email protected]> Co-authored-by: Evan Anderson <[email protected]>
openshift-ci bot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Oct 20, 2023
* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <[email protected]> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <[email protected]> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <[email protected]> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Dave Protasowski <[email protected]> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Bound buffer for reading stats (knative#14541) Co-authored-by: Evan Anderson <[email protected]> --------- Co-authored-by: Knative Prow Robot <[email protected]> Co-authored-by: dprotaso <[email protected]> Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Kenjiro Nakayama <[email protected]> Co-authored-by: Evan Anderson <[email protected]>
mgencur
pushed a commit
to mgencur/serving-1
that referenced
this pull request
Nov 16, 2023
…#439) Co-authored-by: Kenjiro Nakayama <[email protected]>
openshift-merge-bot bot
pushed a commit
to openshift-knative/serving
that referenced
this pull request
Jan 8, 2024
* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <[email protected]> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <[email protected]> * upgrade to latest dependencies (knative#14552) bumping knative.dev/pkg bd99f2f...56bfe0d: > 56bfe0d [release-1.11] [CVE-2023-44487] Disable http2 for webhooks (# 2875) bumping knative.dev/caching 24ff723...ee89f75: > ee89f75 upgrade to latest dependencies (# 797) Signed-off-by: Knative Automation <[email protected]> * Upgrade grpc for addressing GHSA-m425-mq94-257g (knative#14579) More info at GHSA-m425-mq94-257g * remove duplicate 'additionalPrinterColumns' (knative#14654) Signed-off-by: Kenny Leung <[email protected]> Co-authored-by: Kenny Leung <[email protected]> * [release-1.11] Bump to fix knative#14732 (knative#14734) * Bump to fix knative#14732 * Bump to fix serving/knative#14732 * Sync with upstream release-1.11 --------- Signed-off-by: Knative Automation <[email protected]> Signed-off-by: Kenny Leung <[email protected]> Co-authored-by: Knative Prow Robot <[email protected]> Co-authored-by: Clay Kauzlaric <[email protected]> Co-authored-by: Kenjiro Nakayama <[email protected]> Co-authored-by: Evan Anderson <[email protected]> Co-authored-by: Knative Automation <[email protected]> Co-authored-by: Juan Sanin <[email protected]> Co-authored-by: Kenny Leung <[email protected]> Co-authored-by: Dave Protasowski <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Current tls e2e test always fails due to
service_to_service_test.go:168: Failed to start endpoint of httpproxy: response: status: 502, body: x509: certificate has expired or is not yet valid: current time 2023-08-31T13:27:40Z is after 2023-08-31T09:13:11Zfor example #14323This is caused by expired certificate in test/config/tls/cert-secret.yaml:
Hence, this patch re-generates the secret by:
Also, it expands the expired date to 10 years.
Release Note