Changed remote cluster to validate PEM certificate instead of DER

[pooneh-m]

Currently allocator service is expecting TLS certificate of PEM format and the client is expecting server TLS signing certificate of DER format. This discrepancy was not detected because e2e tests are skipping cert validation and we don't have a good test coverage for multi-cluster allocation scenarios.

This only impact the multi-cluster allocation feature which is in v1alpha1. The issue was detected while writing e2e tests for multi-cluster allocation.

[agones-bot]

Build Failed 😱

Build Id: 4207394a-558d-498d-915e-36ffc137d2f2

• Cloud Build view
• Cloud Build log download

To get permission to view the Cloud Build view, join the agones-discuss Google Group.

[agones-bot]

Build Succeeded 👏

Build Id: 677a3e68-e22d-4324-bcbd-cd3f6ae91071

The following development artifacts have been built, and will exist for the next 30 days:

• image: gcr.io/agones-images/agones-controller:1.1.0-b3031ba
• image: gcr.io/agones-images/agones-sdk:1.1.0-b3031ba
• image: gcr.io/agones-images/agones-ping:1.1.0-b3031ba
• Linux C++ SDK (build): agonessdk-1.1.0-b3031ba-linux-arch_64.tar.gz
• SDK Server: agonessdk-server-1.1.0-b3031ba.zip

A preview of the website (the last 30 builds are retained):

• https://b3031ba-dot-preview-dot-agones-images.appspot.com/

To install this version:

• git fetch https://github.com/GoogleCloudPlatform/agones.git pull/1066/head:pr_1066 && git checkout pr_1066
• helm install install/helm/agones --namespace agones-system --name agones --set agones.image.tag=1.1.0-b3031ba

[markmandel]

So this looks fine, but would love some more info in the commit about why this change is in place / what it actually does.

I've no idea the difference between PEM / DER is for SSL certs?

[roberthbailey]

It would also be nice to mention (confirm?) that this code is only in the path of the v1alpha1 APIs for allocation, since otherwise this would be considered a breaking change.

[pooneh-m]

I updated the description with more info. The change is impacting v1alpha1 feature. PEM and DER are different formats for certificates.

[markmandel]

Thanks for the updates!

[google-oss-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: markmandel, pooneh-m
To complete the pull request process, please assign
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[google-oss-robot]

New changes are detected. LGTM label has been removed.

[agones-bot]

Build Succeeded 👏

Build Id: 9f218ae7-9142-47ae-8e60-d6413c50d965

The following development artifacts have been built, and will exist for the next 30 days:

• image: gcr.io/agones-images/agones-controller:1.1.0-4e1d48b
• image: gcr.io/agones-images/agones-sdk:1.1.0-4e1d48b
• image: gcr.io/agones-images/agones-ping:1.1.0-4e1d48b
• Linux C++ SDK (build): agonessdk-1.1.0-4e1d48b-linux-arch_64.tar.gz
• SDK Server: agonessdk-server-1.1.0-4e1d48b.zip

A preview of the website (the last 30 builds are retained):

• https://4e1d48b-dot-preview-dot-agones-images.appspot.com/

To install this version:

• git fetch https://github.com/GoogleCloudPlatform/agones.git pull/1066/head:pr_1066 && git checkout pr_1066
• helm install install/helm/agones --namespace agones-system --name agones --set agones.image.tag=1.1.0-4e1d48b