emissary-ingress / emissary

open source Kubernetes-native API gateway for microservices built on the Envoy Proxy
https://www.getambassador.io
Apache License 2.0

apiext: rewrite to fix CA cert renewal and enhance capabilities #5494

Closed LanceEa closed 7 months ago

LanceEa commented 7 months ago

Description

This PR looks to fix the long-standing issue with CA Certs not auto-renewing and becoming expired, thus no longer being able to convert CRDs until a new CA cert is re-created. It expands the capabilities to allow for more flexibility in allowing the CA Cert and CRD Patching to be externally managed by third parties such as CertManager. Also, it leverages leader-election to ensure predictability when managing the CA Cert and CRD Patching.

APIExt design

The new design is built on top of the controller-runtime using the familiar Runnable and Controller patterns. The following are the key abstractions created.

| Entity | Description | Required | Leader Election |
|---|---|---|---|
| CertificateAuthority | Internal CA Cert cache that generates Server Certificates | Yes | No |
| caCertController | Controller watching CA Cert Secret and providing CertificateAuthority the CACert | Yes | No |
| crdPatchController | Controller patching getambassador.io CRDs to ensure CABundle matches CACert | No | Yes |
| CACertManager | Runnable watching CA Cert Secret and ensuring it is always valid and non-expired | No | Yes |

Note: crdPatchController and CACertManager can be disabled, but the capabilities they provide are required, so if they are disabled it is up to the user to provide an alternative such as CertManager.

Now that we support LeaderElection the RBAC has been expanded to include the new permissions needed.

One other thing to mention is that this PR laid the groundwork for publishing the apiext as a stand-alone container by decoupling its binary from busy ambassador. However, for now the stand-alone container is only used to simplify the e2e testing (mainly due to keeping scope down, in an already large PR). The stand-alone binary is still copied into the core container and the deployment in the charts/manifest is still the same.

Related Issues

CA Cert Renewal and support for externally managing CA Cert and CRD Patching.

Testing

New unit tests for rewrite and added automated e2e tests to CI. Pulled into Edge Stack and verified no issues there as well.

Checklist
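The two checks the design above relies on, as an added illustration that is not code from this PR or from emissary: the CACertManager's decision of whether the CA in the secret must be regenerated (the expiry case that caused the original bug, plus a renew-before window), and the crdPatchController's comparison of a CRD conversion webhook caBundle against the current CA. The function names, the renewal window and the self-signed sample CA are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)

// GenerateCA builds a self-signed CA valid from now for lifetime (constructed sample, not apiext's generator).
func GenerateCA(now time.Time, lifetime time.Duration) ([]byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		NotBefore:             now,
		NotAfter:              now.Add(lifetime),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// NeedsRenewal is true when the stored CA is missing, unparsable, not a CA, not yet valid, expired, or expires within renewBefore of now.
func NeedsRenewal(caPEM []byte, now time.Time, renewBefore time.Duration) bool {
	block, _ := pem.Decode(caPEM)
	if block == nil {
		return true
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil || !cert.IsCA {
		return true
	}
	return now.Before(cert.NotBefore) || !now.Add(renewBefore).Before(cert.NotAfter)
}

// CABundleMatches reports whether a CRD conversion webhook caBundle (PEM, base64 in the manifest) is the current CA certificate.
func CABundleMatches(crdCABundle, caPEM []byte) bool {
	got, _ := pem.Decode(crdCABundle)
	want, _ := pem.Decode(caPEM)
	return got != nil && want != nil && string(got.Bytes) == string(want.Bytes)
}
```

A manager built on these checks regenerates the CA when NeedsRenewal is true and re-patches every CRD whose bundle fails CABundleMatches, which is what keeps conversion working across the original expiry.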

joshbranham commented 3 months ago

Are there plans to cut a release soon with this fix?