Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WIP] Add filtering label to secret and enable secret informer filtering by default #1084

Closed
wants to merge 11 commits into from
Closed

[WIP] Add filtering label to secret and enable secret informer filtering by default #1084

wants to merge 11 commits into from

Conversation

nak3
Copy link
Contributor

@nak3 nak3 commented Aug 2, 2023
edited
Loading

Changes

Currently users have to set ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID to enable secret informer filtering.
It has a big pain that they have to add a label to their every single secret on their DomainMapping's BYO certs.

This patch changes the controller to add the label to the secret specified by DomainMapping.
As a consequence, it can enable ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID by default.

/kind enhancement

Release Note

Kourier controller injects labels (`networking.internal.knative.dev/certificate-uid: <secret_name>`) to the secret used by auto-tls or DomainMapping's BYO certs.
It make possible to enables secret informer filtering (enabled via `ENABLE_SECRET_INFORMER_FILTERING_BY_CERT_UID` for now) by defalut.

TODO:

  • update unit test

@knative-prow knative-prow bot added kind/enhancement do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. labels Aug 2, 2023
@knative-prow
Copy link

knative-prow bot commented Aug 2, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow knative-prow bot requested review from kauana and skonto August 2, 2023 07:31
@knative-prow knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 2, 2023
@codecov
Copy link

codecov bot commented Aug 2, 2023
edited
Loading

Codecov Report

Merging #1084 (b98dd66) into main (2a2db6d) will decrease coverage by 0.43%.
Report is 19 commits behind head on main.
The diff coverage is 45.00%.

@@            Coverage Diff             @@
##             main    #1084      +/-   ##
==========================================
- Coverage   80.00%   79.57%   -0.43%     
==========================================
  Files          18       18              
  Lines        1430     1449      +19     
==========================================
+ Hits         1144     1153       +9     
- Misses        229      237       +8     
- Partials       57       59       +2
Files Changed Coverage Δ
pkg/generator/ingress_translator.go 82.00% <45.00%> (-2.06%) ⬇️

@nak3
Copy link
Contributor Author

nak3 commented Aug 3, 2023

@skonto @dprotaso Could you please take a look if this approach is alright? I will add tests if no problem.
It is related to #862 knative-extensions/net-istio#920

skonto
skonto reviewed Aug 4, 2023
View reviewed changes
pkg/generator/ingress_translator.go
@@ -89,10 +95,31 @@ func (translator *IngressTranslator) translateIngress(ctx context.Context, ingre
}

secret, err := translator.secretGetter(ingressTLS.SecretNamespace, ingressTLS.SecretName)
if err != nil {
if apierrors.IsNotFound(err) {
Copy link
Contributor

@skonto skonto Aug 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So we are trying to make the UX easier, non-breaking and we add the label ourselves.
Are there any other secrets that might need the same?

Copy link
Contributor Author

@nak3 nak3 Aug 4, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other secrets are deployed by us and so we have already added the label like https://github.com/knative/serving/blob/main/config/core/300-secret.yaml#L34 by default. So we don't need it.

@nak3
Copy link
Contributor Author

nak3 commented Aug 4, 2023

So, is it okay for this approach?

@knative-prow-robot
Copy link

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@knative-prow-robot knative-prow-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 2, 2023
@nak3
Copy link
Contributor Author

nak3 commented Sep 13, 2023

Closing due to no feedback.

@nak3 nak3 closed this Sep 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skonto skonto skonto left review comments

@kauana kauana Awaiting requested review from kauana

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/enhancement needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nak3 @knative-prow-robot @skonto