Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: karmadactl add ca-cert-path and ca-key-path opts #5127

Merged
merged 1 commit into from
Jul 12, 2024
Merged

feat: karmadactl add ca-cert-path and ca-key-path opts #5127

merged 1 commit into from
Jul 12, 2024

Conversation

guozheng-shen
Copy link
Contributor

@guozheng-shen guozheng-shen commented Jul 3, 2024
edited by RainbowMango
Loading

What type of PR is this?
/kind feature

What this PR does / why we need it:
issue: #5103

Which issue(s) this PR fixes:
Fixes #5103

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

`karmadactl`: Introduced `--ca-cert-file` and `--ca-key-file` flags to `init` command to specify the root CA which will be used to issue the certificate for components.

@karmada-bot karmada-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jul 3, 2024
@karmada-bot karmada-bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 3, 2024
@codecov-commenter
Copy link

codecov-commenter commented Jul 3, 2024
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 59.09091% with 9 lines in your changes missing coverage. Please review.

Project coverage is 28.27%. Comparing base (c4a81bf) to head (43bb7c7).
Report is 30 commits behind head on master.

Files Patch % Lines
pkg/karmadactl/cmdinit/cert/cert.go 64.70% 3 Missing and 3 partials ⚠️
pkg/karmadactl/cmdinit/kubernetes/deploy.go 0.00% 1 Missing and 2 partials ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #5127      +/-   ##
==========================================
+ Coverage   28.21%   28.27%   +0.05%     
==========================================
  Files         632      632              
  Lines       43568    43608      +40     
==========================================
+ Hits        12294    12329      +35     
+ Misses      30378    30377       -1     
- Partials      896      902       +6
Flag Coverage Δ
unittests 28.27% <59.09%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@karmada-bot karmada-bot added the do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. label Jul 3, 2024
@RainbowMango
Copy link
Member

/assign @chaosi-zju

@guozheng-shen You might need to rebase to get rid of the merge commits. #5127 (comment).

chaosi-zju
chaosi-zju reviewed Jul 4, 2024
View reviewed changes
Copy link
Member

@chaosi-zju chaosi-zju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello, thank you for your important commit! Review is ongoing, and my viewpoint just for reference only.

pkg/karmadactl/cmdinit/cert/cert.go Outdated Show resolved Hide resolved
pkg/karmadactl/cmdinit/cert/cert.go Show resolved Hide resolved
@karmada-bot karmada-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jul 4, 2024
@karmada-bot karmada-bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed do-not-merge/contains-merge-commits Indicates a PR which contains merge commits. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jul 4, 2024
@chaosi-zju
Copy link
Member

The CI of this PR failed due to it wasn't signed off, usually please use git commit -s -m 'your message ' or git commit -m ' Signed-off-by: AuthorName <[email protected]> \n <other message> ' to pass DCO.

Detail guideline can refer to: https://probot.github.io/apps/dco/

@chaosi-zju
Copy link
Member

chaosi-zju commented Jul 5, 2024
edited
Loading

generally looks good, thanks for your contribution!

By the way, have you tested?

chaosi-zju
chaosi-zju reviewed Jul 5, 2024
View reviewed changes
pkg/karmadactl/cmdinit/cert/cert_test.go
@@ -101,7 +101,7 @@ func TestGenCerts(_ *testing.T) {
apiserverCertCfg := NewCertConfig("karmada-apiserver", []string{""}, karmadaAltNames, &notAfter)
frontProxyClientCertCfg := NewCertConfig("front-proxy-client", []string{}, certutil.AltNames{}, &notAfter)

if err := GenCerts(TestCertsTmp, etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg); err != nil {
if err := GenCerts(TestCertsTmp, "", "", etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg); err != nil {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be even better if you could supplement the test coverage for this case GenCerts(TestCertsTmp, caCertPath, caKeyPath, etcdServerCertConfig, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg) ٩(๑❛ᴗ❛๑)۶ .

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok

chaosi-zju
chaosi-zju reviewed Jul 9, 2024
View reviewed changes
pkg/karmadactl/cmdinit/cert/cert_test.go Outdated Show resolved Hide resolved
pkg/karmadactl/cmdinit/cert/cert_test.go Outdated Show resolved Hide resolved
@chaosi-zju
Copy link
Member

/lgtm

cc @RainbowMango

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 10, 2024
@karmada-bot karmada-bot removed the lgtm Indicates that a PR is ready to be merged. label Jul 10, 2024
@tiansuo114
Copy link
Contributor

Hello @guozheng-shen , I am a student participating in the karmada community open source activity. According to Tutor @liangyuanpeng suggestion, we think we can make some modifications to cert_test, adding the function of checking whether certificate files exist in the corresponding directory according to parameter passing to the end of the original unit test file. I am currently working on this aspect Would you like to ask what your opinion is on this modification, thank you for your trouble

您好,我是一名参加karmada社区开源活动的学生。根据导师@liangyuanpeng的建议,我们认为可以对cert_test进行一些修改,在原来的单元测试文件末尾添加根据参数传递来检查相应目录中是否存在证书文件的功能。我目前正在做这方面的工作,对此,我想请问您对这次修改有何意见,麻烦您了

RainbowMango
RainbowMango reviewed Jul 11, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/assign

RainbowMango
RainbowMango reviewed Jul 11, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great! Thanks @guozheng-shen for doing this.
Just some nits, otherwise looks good to me.

pkg/karmadactl/cmdinit/cmdinit.go Outdated Show resolved Hide resolved
pkg/karmadactl/cmdinit/kubernetes/deploy.go Outdated Show resolved Hide resolved
pkg/karmadactl/cmdinit/cert/cert.go Outdated Show resolved Hide resolved
pkg/karmadactl/cmdinit/cert/cert.go Outdated
@@ -261,11 +262,12 @@ func NewCertConfig(cn string, org []string, altNames certutil.AltNames, notAfter
}

// GenCerts Create CA certificate and sign etcd karmada certificate.
func GenCerts(pkiPath string, etcdServerCertCfg, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg *CertsConfig) error {
caCert, caKey, err := NewCACertAndKey("karmada")
func GenCerts(pkiPath, caCertPath, caKeyPath string, etcdServerCertCfg, etcdClientCertCfg, karmadaCertCfg, apiserverCertCfg, frontProxyClientCertCfg *CertsConfig) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: Too many parameters for this function.

Not required to fix it in this PR. But it is concerning.

RainbowMango
RainbowMango reviewed Jul 12, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@guozheng-shen Have you tested this latest patch on your side? Does it work as expected?

@chaosi-zju @liangyuanpeng Do you have any further comments?

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Jul 12, 2024
@liangyuanpeng liangyuanpeng mentioned this pull request Jul 12, 2024
Merged
@liangyuanpeng
Copy link
Contributor

Have you tested this latest patch on your side? Does it work as expected?

wating for the answer for test successed,otherwise LGTM

@chaosi-zju
Copy link
Member

looks good

CC @RainbowMango

RainbowMango
RainbowMango approved these changes Jul 12, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK thanks, let's do it.
/approve

@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 12, 2024
@karmada-bot karmada-bot merged commit fdc29c7 into karmada-io:master Jul 12, 2024
12 checks passed
@RainbowMango RainbowMango added this to the v1.11 milestone Aug 31, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tiansuo114 tiansuo114 tiansuo114 left review comments

@chaosi-zju chaosi-zju chaosi-zju left review comments

@liangyuanpeng liangyuanpeng liangyuanpeng left review comments

@RainbowMango RainbowMango RainbowMango approved these changes

@prodanlabs prodanlabs Awaiting requested review from prodanlabs

Assignees

@RainbowMango RainbowMango

@chaosi-zju chaosi-zju

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.11
Development

Successfully merging this pull request may close these issues.

When we use karmadactl to initialize the cluster, the specified ca certificate is not supported
7 participants
@guozheng-shen @codecov-commenter @RainbowMango @chaosi-zju @tiansuo114 @liangyuanpeng @karmada-bot