Closed omertuc closed 1 month ago
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
/hold waiting for https://github.com/rh-ecosystem-edge/recert/pull/140
/remove-label cluster-config-api-changed
/remove-label cluster-config-api-changed
/unhold
/remove-label cluster-config-api-changed
@omertuc how it will work with IBI? i wonder how we will be able to provide all the needed params?
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: omertuc
The full list of commands accepted by this bot can be found here.
The pull request process is described here
/lgtm
Background / Context
Recert recently added ([1], [2]) some options that allow changing the cluster's trust bundle (it's recommended you read the PRs for more background about this).
Issue / Requirement / Reason for change
The lifecycle-agent doesn't make use of the new options added to recert
Solution / Feature Overview
Change the lifecycle-agent to use the new options added to recert
Implementation Details
Multiple new fields have been added.
AdditionalTrustBundle
inSeedReconfiguration
. This represents the trust bundle to be used for seed-reconfiguration. This contains the user-ca-bundle contents, the proxy configmap name, and the proxy configmap contents.AdditionalTrustBundle
inSeedClusterInfo
. This represents the state of the trust bundle in the seed cluster. This is simply booleans indicating the presence or lack there-of of the user-ca-bundle and the proxy configmap name (only if it actually has contents, a configmap with no contents is considered invalid OCP configuration). This is useful for when we want to verify that the seed is compatible with our desiredSeedReconfiguration
.RecertConfig
will now use the newCryptoDirs
andCryptoFiles
fields to specify the directories and files that should be considered part of the cluster's crypto material. Along with theClusterCustomizationDirs
andClusterCustomizationFiles
fields that specify the directories and files involved in cluster customization. Since these no longer overlap when it comes to customizing the trust bundle, we must use these new fields instead of the old commonStaticDirs
andStaticFiles
fields.[1] https://github.com/rh-ecosystem-edge/recert/pull/110 [2] https://github.com/rh-ecosystem-edge/recert/pull/140