Upstream rebase to 2.12.1 #56
Conversation
When not running on OpenShift, use the certificate generation/rotation
built in to the KEDA operator, and use its single certificate and the
CA certificate which signed it for all of the following:
* KEDA operator's gRPC service
* Metrics Server (adapter) API service endpoint
* Validating admission webhook service endpoint
* Client certificate used by the adapter to authenticate against the gRPC service
When running on OpenShift, use OpenShift-generated certificates (and the
cluster's service CA for validation) for each of the following services:
* KEDA operator's gRPC service
* Metrics Server (adapter) API service endpoint
* Validating admission webhook service endpoint
The OLM operator generates CA and a gRPC client certificate for:
* The adapter to authenticate itself to the KEDA operator (key/cert)
* The KEDA operator's gRPC service to verify clients (the adapter) (CA
cert)
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Add gRPC client cert generation/rotation when running on OpenShift
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Add script to perform release chores
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Release 2.12.0
* update kubectl apply with server-side --------- Signed-off-by: Husni Alhamdani <dhanielluis@gmail.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Release 2.12.1
Also: * make CRD extraction more robust, to handle more than just examples.keda.sh CRDs * notice when there are missing CRDs in the bundle generation inputs * manually sync some of the manifest CSV fields and the inputs to the generated bundle CSV's fields so that the new check passes Signed-off-by: Joel Smith <joelsmith@redhat.com>
Have relprep.sh check to see if bundle & manifest CSVs are in sync
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Signed-off-by: Joel Smith <joelsmith@redhat.com>
Switch from keda build-tools image to keda-tools image
This change introduces a specific must-gather collection script for this operator within the operator image itself, so that it can be used directly with the Openshift must-gather process. Signed-off-by: Jose Valdes <jvaldes@redhat.com> Signed-off-by: Joel Smith <joelsmith@redhat.com>
openshift-ci
bot
added
the
approved
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
Ran: cma-generate-csv.sh 2.7.1 cma-generate-csv.sh 2.8.1 cma-generate-csv.sh 2.8.2 cma-generate-csv.sh 2.10.1 cma-generate-csv.sh 2.11.2
… Red Hat logo icon
We want to run the e2e suite, but we want to run it against something like what we're actually going to release, so instead of using the synthetic setup/teardown functions from the keda tests, we try to pack a proper bundle and install from that. This contains two dockerfiles. One for the operator which: - Builds the operator with the openshift builder/release images instead of the upstream builder image + distroless And another for the bundle which: - Can be used by the openshift CI bundle builder to build a cma bundle approximating that which is built by osbs
This excludes deps, utilities and tests from snyk scans to cut down on noise
joelsmith
force-pushed
the
rebase
branch
2 times, most recently
from
3321734 to
1a8c589
Compare
|
Let's see if openshift/release#49697 makes it so we can see why the e2e is failing on this PR. |
|
The operator is failing to run: Are we building with one version of glibc then moving the binary to a base image with a different version? I will investigate. Answer: yes. Updated to ubi9 |
Signed-off-by: Joel Smith <joelsmith@redhat.com>
In our 2.11.2 release we retired the old 9022 metrics port, which was superseded by port 8080. We updated the service with the port name "metrics", but it looks like we missed updating the ServiceMonitor, which still had it listed as "http" -- resulting in the prometheus target not working. This updates the ServiceMonitor so the port name matches the service, and the tubes are properly connected and "metrics" will be a valid prometheus target for keda-metrics-apiserver.
|
The kafka scaler tests are failing. It seems like the kafka CRD isn't on the cluster when the test runs. Is it a flake or a change in how the tests are run which we need to replicate? I'll investigate while it runs again. /retest |
|
It looks like we will need openshift/release#49783 and openshift/kedacore-keda#23 before the test will pass here. |
|
Fingers crossed! /retest |
|
@joelsmith: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Looks great! Thanks for grabbing the metrics API port fix, too -- saves me some trouble! 😄 It looks like maybe the carry patch d582ae5 (add .ci-operator.yaml) can be completely squashed with/superseded by 4823c83 (Update container base images) but I'm not the police, and I don't think the juice is worth the squeeze now. Maybe next time. /lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jkyros, joelsmith The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
UPSTREAM: <carry>: add generated CMA CSV files for 2.11.2parts 1 to 5 andUPSTREAM: <carry>: add generated CMA CSV files for 2.7.1-2.10.1into newUPSTREAM: <carry>: add generated CMA CSV files for 2.7.1-2.11.2UPSTREAM: <carry>: Generate/check CMA CSV filesparts 1 to 4OWNERSfile and squash update intoUPSTREAM: <carry>: Add OpenShift OWNERS fileadd generated CMA CSV files for 2.12.1andUpdate container base images