[release-4.16] OCPBUGS-63233: Manual feature backport of cert rotation for whereabouts#3040
Conversation
Includes cert check script logic and delpoyment of token watcher daemonset in openshift-mutlus namespace to watch for token change Signed-off-by: Benjamin Pickard <bpickard@redhat.com>
…uts-token-watcher
|
@bpickard22: This pull request references Jira Issue OCPBUGS-63233, which is valid. The bug has been moved to the POST state. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (weliang@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: bpickard22 The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/jira cherrypick OCPBUGS-58066 |
|
@bpickard22: Detected clone of Jira Issue OCPBUGS-58066 with correct target version. Will retitle the PR to link to the clone. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
This commit introduces several improvements to the whereabouts-token-watcher DaemonSet: - Corrects a typo in the description. - Adds logging helper functions for better script output. - Ensures the service account token is read dynamically during kubeconfig generation. - Fixes the logical grouping in the CA file change detection condition. - Increases the kubeconfig regeneration check interval to 60 seconds. - Mounts the host's CNI network directory for proper CNI configuration management. Signed-off-by: Peng Liu <pliu@redhat.com> Signed-off-by: Benjamin Pickard <bpickard@redhat.com>
a56bd74 to
28d9a45
Compare
|
@bpickard22: This pull request references Jira Issue OCPBUGS-63233, which is valid. 7 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (weliang@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
|
@bpickard22: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Manual backport of the whereabouts-token-watcher feature and follow-up fixes to release-4.16.
release-4.16 did not contain the token-watcher feature at all, so this required a manual backport of the feature plus accumulated fixes rather than a simple cherry-pick. Cherry-picked from 4.17 (PR #2784) and master (#2727, #2841). Future backports of follow-up fixes should be possible via the cherry-pick bot.
Equivalent to what is on release-4.17.