Skip to content
This repository was archived by the owner on Jul 11, 2023. It is now read-only.

feat(certs): use MeshConfig feature flag to enable MRC #5204

Merged
merged 11 commits into from
Nov 21, 2022
Merged

feat(certs): use MeshConfig feature flag to enable MRC #5204

merged 11 commits into from
Nov 21, 2022

Conversation

jaellio
Copy link
Contributor

@jaellio jaellio commented Oct 14, 2022
edited
Loading

Description:

Replace binary flag with MeshConfig feature flag to enable the use
of the MRC. If OSM has been installed with
EnableMeshRootCertificate disabled, if the feature flag is then
enabled in the MeshConfig the control plane components must be
restarted in order to pick up on the enabled flag, and begin using
the MRC for certificate management.

Adds an e2e to check enabling the MRC after osm install for each
cert provider.

Dependent on #5201
Resolves #5041
Part of #4835

Testing done:

  • e2e
  • Manual testing with demo

Affected area:

Functional Area
New Functionality [x]
Certificate Management [x]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project? no

    • Did you notify the maintainers and provide attribution?

  2. Is this a breaking change? no

  3. Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)? no

@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch from 3b99920 to 40b2c33 Compare October 14, 2022 22:17
@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch 2 times, most recently from bcccee7 to a78c5c4 Compare November 8, 2022 06:03
@jaellio jaellio marked this pull request as ready for review November 8, 2022 06:05
@jaellio jaellio marked this pull request as draft November 8, 2022 17:28
@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch 4 times, most recently from cd716f6 to d772ecc Compare November 9, 2022 21:44
@jaellio jaellio marked this pull request as ready for review November 10, 2022 23:10
@codecov-commenter
Copy link

codecov-commenter commented Nov 10, 2022
edited
Loading

Codecov Report

Merging #5204 (54136bd) into main (d7b436c) will decrease coverage by 0.03%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main    #5204      +/-   ##
==========================================
- Coverage   70.33%   70.30%   -0.04%     
==========================================
  Files         195      195              
  Lines       15694    15697       +3     
==========================================
- Hits        11038    11035       -3     
- Misses       4601     4607       +6     
  Partials       55       55
Flag Coverage Δ
unittests 70.30% <0.00%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
cmd/osm-bootstrap/osm-bootstrap.go 45.42% <0.00%> (-0.76%) ⬇️
cmd/osm-controller/osm-controller.go 17.41% <0.00%> (-0.45%) ⬇️
pkg/messaging/workqueue.go 89.28% <0.00%> (-10.72%) ⬇️
pkg/certificate/manager.go 88.38% <0.00%> (+0.82%) ⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch from 6ffa86a to dbe3021 Compare November 11, 2022 19:25
@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch from 1bde043 to 673d8b5 Compare November 11, 2022 19:51
@jaellio jaellio mentioned this pull request Nov 14, 2022
Merged
@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch from d39a3ac to 2a867cb Compare November 14, 2022 21:42
@jaellio jaellio requested a review from keithmattix November 16, 2022 00:05
keithmattix
keithmattix approved these changes Nov 16, 2022
View reviewed changes
steeling
steeling approved these changes Nov 19, 2022
View reviewed changes
cmd/osm-bootstrap/osm-bootstrap.go
// shouldCreateMeshRootCertificate gets the MeshConfig and returns the values of the enableMeshRootCertificate
// feature flag
func (b *bootstrap) shouldCreateMeshRootCertificate() bool {
config, err := b.configClient.ConfigV1alpha2().MeshConfigs(b.namespace).Get(context.TODO(), meshConfigName, metav1.GetOptions{})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we have this also check if a meshRootCertificate already exists? If there are any we should not create a new one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Renamed method to shouldEnsureMeshRootCertificate. The logic to check for an existing active MRCs is in ensureMeshRootCertificate.

@jaellio
feat(certs): use MeshConfig feature flag to enable MRC
7bb98d4 
Replace binary flag with MeshConfig feature flag to enable the use
of the MRC. If OSM has been installed with
EnableMeshRootCertificate disabled, if the feature flag is then
enabled in the MeshConfig the control plane components must be
restarted in order to pick up on the enabled flag, and begin using
the MRC for certificate management.

Signed-off-by: jaellio <[email protected]>
@jaellio
Add e2e to check enabling MRC after install for each cert provider
51c0623 
Signed-off-by: jaellio <[email protected]>
@jaellio
Update osm-bootstrap to get MeshConfig to check
379524a 
enableMeshRootCertificate feature flag

Signed-off-by: jaellio <[email protected]>
@jaellio
Always create preset mesh root certificate regardless of flag
c85b6c9 
Signed-off-by: jaellio <[email protected]>
@jaellio
Use rolling restart instead of delete for control plane components
5d67c1d 
and restart bootstrap before controller and injector.

Signed-off-by: jaellio <[email protected]>
@jaellio
Fix timing issue with rollout restart and wait for ready
5f99f98 
Signed-off-by: jaellio <[email protected]>
@jaellio
Update vault secret and key for token
8fc8e41 
Signed-off-by: jaellio <[email protected]>
@jaellio
Update osm deployment requirements
5fa021c 
Signed-off-by: jaellio <[email protected]>
@jaellio
Revert changes to RestartOSMController
862a515 
Signed-off-by: jaellio <[email protected]>
@jaellio
Update failing install tests and add vault host requirement
f6993de 
Signed-off-by: jaellio <[email protected]>
@jaellio
Rebase and update enableMeshRootCertificate check in osm-bootstrap
54136bd 
Signed-off-by: jaellio <[email protected]>
@jaellio jaellio force-pushed the addEnableMRCFeatureFlag branch from 2a867cb to 54136bd Compare November 21, 2022 18:07
@jaellio jaellio merged commit e9ee46f into openservicemesh:main Nov 21, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@keithmattix keithmattix keithmattix approved these changes

@jsturtevant jsturtevant jsturtevant approved these changes

@steeling steeling steeling approved these changes

@shashankram shashankram Awaiting requested review from shashankram

@snehachhabria snehachhabria Awaiting requested review from snehachhabria

@nojnhuh nojnhuh Awaiting requested review from nojnhuh

@draychev draychev Awaiting requested review from draychev

@trstringer trstringer Awaiting requested review from trstringer

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add EnableMeshRootCertificate to MeshConfig
5 participants
@jaellio @codecov-commenter @jsturtevant @keithmattix @steeling