Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NETOBSERV-1295: Fix cacert monitoring copy #414

Merged
merged 1 commit into from
Sep 14, 2023
Merged

NETOBSERV-1295: Fix cacert monitoring copy #414

merged 1 commit into from
Sep 14, 2023

Conversation

OlivierCazade
Copy link
Contributor

Description

Add certificate copy to monitoring namespace.

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Sep 12, 2023
edited by openshift-ci bot
Loading

@OlivierCazade: This pull request references NETOBSERV-1295 which is a valid jira issue.

In response to this:

Description

Add certificate copy to monitoring namespace.

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labelled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@OlivierCazade OlivierCazade requested a review from jotak September 12, 2023 13:22
@codecov
Copy link

codecov bot commented Sep 12, 2023
edited
Loading

Codecov Report

Patch coverage: 5.40% and project coverage change: -0.82% ⚠️

Comparison is base (ba06996) 56.22% compared to head (a83fe15) 55.41%.
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #414      +/-   ##
==========================================
- Coverage   56.22%   55.41%   -0.82%     
==========================================
  Files          46       46              
  Lines        5960     5995      +35     
==========================================
- Hits         3351     3322      -29     
- Misses       2383     2438      +55     
- Partials      226      235       +9
Flag Coverage Δ
unittests 55.41% <5.40%> (-0.82%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
controllers/flowcollector_objects.go 46.91% <0.00%> (ø)
...trollers/flowlogspipeline/flp_ingest_reconciler.go 64.28% <0.00%> (-1.77%) ⬇️
...ollers/flowlogspipeline/flp_monolith_reconciler.go 64.00% <0.00%> (-1.58%) ⬇️
...rollers/flowlogspipeline/flp_transfo_reconciler.go 60.14% <0.00%> (-1.34%) ⬇️
pkg/watchers/watcher.go 64.39% <0.00%> (-12.73%) ⬇️
controllers/flowlogspipeline/flp_reconciler.go 60.56% <16.66%> (-8.93%) ⬇️

... and 5 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

jotak
jotak previously approved these changes Sep 12, 2023
View reviewed changes
Copy link
Member

@jotak jotak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

code lgtm

@openshift-ci openshift-ci bot added the lgtm label Sep 12, 2023
@memodi
Copy link
Contributor

memodi commented Sep 12, 2023

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Sep 12, 2023
@github-actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:95e04c9
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-95e04c9
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-95e04c9

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:95e04c9 make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-95e04c9

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-95e04c9
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

memodi
memodi reviewed Sep 12, 2023
View reviewed changes
controllers/constants/constants.go
Comment on lines +36 to +37
MonitoringNamespace = "openshift-monitoring"
MonitoringServiceAccount = "prometheus-k8s"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what are these hard coded values for?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Constants for monitoring namespace and monitoring role, they were already there, I just moved them to the constant file since they are now used at different places.

memodi
memodi requested changes Sep 12, 2023
View reviewed changes
Copy link
Contributor

@memodi memodi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@OlivierCazade - I am still getting error with the Operator image from this PR:

Warning FailedMount 3s (x6 over 18s) kubelet MountVolume.SetUp failed for volume "prom-certs" : configmap "prov-certs-ns" not found

$ oc get csv/netobserv-operator.v0.0.0-95e04c9 -n openshift-netobserv-operator -o yaml | egrep -A 1 "DOWN"
                - --downstream-deployment=$(DOWNSTREAM_DEPLOYMENT)
                command:
--
                - name: DOWNSTREAM_DEPLOYMENT
                  value: "true"

OCP: 4.14.0-0.nightly-2023-09-12-024050
NetObserv operator: v0.0.0-95e04c9
Loki: 0-click-loki
eBPF-agent: main
FLP: main
ConsolePlugin: main

Using config:

          tls:
            insecureSkipVerify: false
            provided:
              certFile: tls.crt
              certKey: tls.key
              name: prov-certs-ns
              namespace: netobserv-cm
              type: configmap
            providedCaFile:
              file: rootCA.crt
              name: prov-certs-ca-ns
              namespace: netobserv-cm
              type: configmap
            type: PROVIDED

$ oc get cm -n netobserv-cm
NAME                       DATA   AGE
kube-root-ca.crt           1      8m48s
openshift-service-ca.crt   1      8m48s
prov-certs-ca-ns           1      7m56s
prov-certs-ns              2      8m5s

@openshift-ci openshift-ci bot removed the lgtm label Sep 12, 2023
@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Sep 13, 2023
@OlivierCazade
Copy link
Contributor Author

Thanks @memodi.

My initial PR was to fix the CaCert copy when in a different namespace, but it turn out there was also a bug with the old provided certs when they are also in a different namespace.

Updated PR should resolve both.

@memodi
Copy link
Contributor

memodi commented Sep 13, 2023

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Sep 13, 2023
@github-actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:60dfe0a
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-60dfe0a
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-60dfe0a

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:60dfe0a make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-60dfe0a

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-60dfe0a
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

jotak
jotak previously approved these changes Sep 13, 2023
View reviewed changes
@openshift-ci openshift-ci bot added the lgtm label Sep 13, 2023
@openshift-ci openshift-ci bot removed the lgtm label Sep 13, 2023
@github-actions github-actions bot removed the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Sep 13, 2023
@memodi
Copy link
Contributor

memodi commented Sep 13, 2023

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Sep 13, 2023
@github-actions
Copy link

New images:

  • quay.io/netobserv/network-observability-operator:47510aa
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-47510aa
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-47510aa

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:47510aa make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-47510aa

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-47510aa
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@memodi
Copy link
Contributor

memodi commented Sep 13, 2023

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved QE has approved this pull request label Sep 13, 2023
@openshift-ci openshift-ci bot added the lgtm label Sep 14, 2023
@OlivierCazade
Copy link
Contributor Author

/approve

@openshift-ci
Copy link

openshift-ci bot commented Sep 14, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: OlivierCazade

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 0ffa93c into netobserv:main Sep 14, 2023
OlivierCazade added a commit to OlivierCazade/network-observability-operator that referenced this pull request Sep 14, 2023
@OlivierCazade
Fix certs monitoring copy (netobserv#414)
2f68165
openshift-merge-robot pushed a commit that referenced this pull request Sep 14, 2023
@OlivierCazade
Fix certs monitoring copy (#414) (#416)
5dbfa16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jotak jotak jotak approved these changes

@jpinsonneau jpinsonneau Awaiting requested review from jpinsonneau

@memodi memodi Awaiting requested review from memodi

Assignees

@jotak jotak

@memodi memodi

Labels
approved jira/valid-reference lgtm ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. qe-approved QE has approved this pull request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@OlivierCazade @openshift-ci-robot @memodi @jotak @openshift-merge-robot