ROX-23263: move from OSCI cluster pool to infra clusters for e2e #1940
// is a private IP address of the pod running the oidc server. This breaks tls validation. | ||
// This override makes sure that in those cases kubernetes.default.svc is used instead of the IP | ||
glog.V(5).Infof("Configured issuer is: %s and jwks_uri contains IP, replacing host with internal kubernetes svc", i.IssuerURI) | ||
jwksURI = i.overrideJwksURIForInternalCluster(jwksURL) |
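Review bot: the `glog.V(5).Infof` line records only `i.IssuerURI`, so the log never shows which jwks_uri host was replaced or what `overrideJwksURIForInternalCluster` returned. Because this rewrite changes the endpoint the signing keys are fetched from, log both the original `jwksURL` and the resulting `jwksURI`, and consider a verbosity lower than 5 so the substitution is visible without debug logging. The code comment speaks of a private pod IP while the message says only "contains IP"; if the guard (not visible in these lines) matches any IP literal, narrowing it to private ranges would bring the code in line with the comment.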
Just thinking out loud: Maybe we need to fall back to this scenario in all cases where we fail to fetch the jwks file?
- IP check looks too heuristic, in theory it can be public;
- It might be necessary in other edge cases;
- We could expand this fallback to the local cluster edge-case that also looks like a workaround.
It doesn't have to be done right now, just food for thought for future refactoring.
Sounds like it would be good to do some refactoring here. Let's discuss what you have in mind in more detail in Slack and do the refactoring in a follow-up PR.
local env_value="$2" | ||
|
||
if command -v cci-export >/dev/null; then | ||
cci-export "$env_name" "$env_value" |
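Review bot: the `if command -v cci-export >/dev/null; then` branch carries no comment saying what provides `cci-export` or in which images it is expected on the PATH, so the function silently takes a different path depending on where it runs. Add a short comment above the `if` stating where the helper comes from and why the branch is kept. Separately, `local env_value="$2"` reads the second argument without checking that it was passed; a guard on the argument count at the top of the function would make a missing value fail loudly instead of exporting an empty string.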
Are we going to use cci-export in CI? Couldn't find any relevant information about it. If not, maybe we could simplify this function.
This function is copied from stackrox/stackrox repo. I'm not sure if we're using it but left it there to make sure we don't accidentally break something in the images used by the predefined workflow steps.
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johannes94, kovayur

The full list of commands accepted by this bot can be found here. The pull request process is described here
Description
This PR prepares the required changes in this repo for e2e tests to run against clusters created through stackrox infra and respective workflows in the openshift/release repository.
This PR adds:
To test the changes, I created a PR with a rehearsal job in the openshift/release repository:
openshift/release#54055
As a follow-up once this is merged, instead of having a job that runs against the branch in this PR, I will modify our current e2e ci-operator configuration to run a job like the above PR but against the main branch.
Checklist (Definition of Done)
Test manual
Successful rehearsal job in openshift/release PR linked above.