jetstack-bot
commented
11 months ago [APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: Once this PR has been reviewed and has the lgtm label, please ask for approval from wallrj. For more information see the Kubernetes Code Review Process.
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
- **[OWNERS](https://github.com/cert-manager/cert-manager-olm/blob/master/OWNERS)**
Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment
Release Candidate:
Testing
Installed on OpenShift v4.14  There was one test failure which I think is caused by RBAC preventing the Vault issuer creating a ServiceAccountToken. I haven't got time to dig into it further so I plan to release anyway. ```sh $ make crc-e2e OPENSHIFT_VERSION=4.13 E2E_TEST=../cert-manager/_bin/test/e2e.test ... [FAILED] in [It] - github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault/issuer.go:370 @ 12/13/23 17:53:55.184 STEP: Cleaning up AppRole @ 12/13/23 17:53:55.185 STEP: Cleaning up Kubernetes @ 12/13/23 17:53:55.247 STEP: Cleaning up Vault @ 12/13/23 17:53:55.257 STEP: Deleting test namespace @ 12/13/23 17:53:55.27 << Timeline [FAILED] Unexpected error: <*errors.errorString | 0xc00141d0d0>: context deadline exceeded: Last Status: 'False' Reason: 'VaultError', Message: 'Failed to initialize Vault client: while requesting a Vault token using the Kubernetes auth: while requesting a token for the service account e2e-tests-create-vault-issuer-vtj47/vault-serviceaccount: serviceaccounts "vault-serviceaccount" is forbidden: User "system:serviceaccount:openshift-operators:cert-manager" cannot create resource "serviceaccounts/token" in API group "" in the namespace "e2e-tests-create-vault-issuer-vtj47"' { s: "context deadline exceeded: Last Status: 'False' Reason: 'VaultError', Message: 'Failed to initialize Vault client: while requesting a Vault token using the Kubernetes auth: while requesting a token for the service account e2e-tests-create-vault-issuer-vtj47/vault-serviceaccount: serviceaccounts \"vault-serviceaccount\" is forbidden: User \"system:serviceaccount:openshift-operators:cert-manager\" cannot create resource \"serviceaccounts/token\" in API group \"\" in the namespace \"e2e-tests-create-vault-issuer-vtj47\"'", } occurred In [It] at: github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault/issuer.go:370 @ 12/13/23 17:53:55.184 ------------------------------ SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSproxy logs: Summarizing 1 Failure: [FAIL] [cert-manager] Vault Issuer [It] should be ready with a valid serviceAccountRef github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/vault/issuer.go:370 Ran 25 of 778 Specs in 196.819 seconds FAIL! -- 24 Passed | 1 Failed | 0 Pending | 753 Skipped --- FAIL: TestE2E (197.15s) FAIL Connection to 34.38.136.123 closed. make: *** [Makefile:270: crc-e2e] Error 1 ``` Tested the operatorhubio catalog too: ```sh $ kubectl create -f https://operatorhub.io/install/candidate/cert-manager.yaml subscription.operators.coreos.com/my-cert-manager created $ kubectl get csv -n operators NAME DISPLAY VERSION REPLACES PHASE cert-manager.v1.13.3-rc1 cert-manager 1.13.3-rc1 cert-manager.v1.13.1 Succeeded $ kubectl get crd -l app.kubernetes.io/instance=cert-manager NAME CREATED AT certificaterequests.cert-manager.io 2023-12-14T11:42:36Z certificates.cert-manager.io 2023-12-14T11:42:38Z challenges.acme.cert-manager.io 2023-12-14T11:42:38Z clusterissuers.cert-manager.io 2023-12-14T11:42:38Z issuers.cert-manager.io 2023-12-14T11:42:38Z orders.acme.cert-manager.io 2023-12-14T11:42:38Z $ ctl version -o yaml clientVersion: compiler: gc gitCommit: "" gitTreeState: "" gitVersion: canary goVersion: go1.21.3 platform: linux/amd64 serverVersion: detected: v1.13.3 sources: crdLabelVersion: v1.13.3 # ~/projects/cert-manager/cert-manager $ ./_bin/test/e2e.test --repo-root=/dev/null --ginkgo.focus="CA\ Issuer" --ginkgo.skip="Gateway" ... Ran 23 of 778 Specs in 70.738 seconds SUCCESS! -- 23 Passed | 0 Failed | 0 Pending | 755 Skipped PASS ```Release