Add validity check for certificates on webhook startup #592

Merged
merged 6 commits into from
Mar 4, 2022

Collaborator

@luhi-DT luhi-DT commented Feb 22, 2022

Currently, when a customer has an old certificate in the dynatrace namespace, the webhook will grab that cert and use it until the first renewal of his certificates (after 6 hours), because the validity is not checked when the webhook grabs the certificates from the secret.

The webhook won't accept any connections/allow pod creations until it reloads certificates, which is after 6 hours. But the new certificates would already be in the cluster in a matter of minutes.

Therefore, we should also check whether the certificates are valid long enough when the webhook starts.
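
A startup check of the kind the description above asks for, as an added Go example that is not the operator's own code and not part of this pull request: it parses the PEM certificate read from the secret and rejects it unless it is currently valid and stays valid for a minimum remaining period. The names `validLongEnough` and `selfSigned` and the 24-hour threshold are assumptions; the certificates are constructed in-process for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// validLongEnough: cert is valid at now and for at least minRemaining (assumed threshold).
func validLongEnough(certPEM []byte, now time.Time, minRemaining time.Duration) (bool, error) {
	block, _ := pem.Decode(certPEM)
	if block == nil || block.Type != "CERTIFICATE" {
		return false, errors.New("no CERTIFICATE PEM block in secret data")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return false, err
	}
	return !now.Before(cert.NotBefore) && now.Add(minRemaining).Before(cert.NotAfter), nil
}

// selfSigned builds a constructed test certificate valid from notBefore to notAfter.
func selfSigned(notBefore, notAfter time.Time) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	stale := selfSigned(now.Add(-48*time.Hour), now.Add(-time.Hour))
	fresh := selfSigned(now.Add(-time.Hour), now.Add(7*24*time.Hour))
	for _, c := range [][]byte{stale, fresh} {
		fmt.Println(validLongEnough(c, now, 24*time.Hour))
	}
}
```

A caller that gets `false` at startup would keep waiting for the renewed secret instead of serving with the old certificate.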

@luhi-DT luhi-DT added the bug Something isn't working label Feb 22, 2022
@luhi-DT luhi-DT closed this Feb 22, 2022
@luhi-DT luhi-DT reopened this Feb 22, 2022
src/cmd/operator/watcher.go (outdated, resolved)
gkrenn previously requested changes Feb 23, 2022
Contributor

@gkrenn gkrenn left a comment

See my comments

@luhi-DT luhi-DT added the core Changes to core functionality of the Operator label Mar 1, 2022
@luhi-DT luhi-DT removed the request for review from gkrenn March 4, 2022 12:45
@luhi-DT luhi-DT dismissed gkrenn’s stale review March 4, 2022 12:48

Changes implemented

@luhi-DT luhi-DT merged commit b02abbb into master Mar 4, 2022
@luhi-DT luhi-DT deleted the bugfix/check-cert-validity-on-webhook-start branch March 4, 2022 18:29
chrismuellner pushed a commit that referenced this pull request Mar 8, 2022
* Add validity check on webhook startup

* Fix unit tests

* Revert imports

* Add constants from certificates controller

(cherry picked from commit b02abbb)
chrismuellner pushed a commit that referenced this pull request Mar 9, 2022
* Add validity check on webhook startup

* Fix unit tests

* Revert imports

* Add constants from certificates controller

(cherry picked from commit b02abbb)
Labels
bug Something isn't working core Changes to core functionality of the Operator
4 participants