BZ 1768751: Add Web UI to rotate-certs.sh #499
Conversation
kubevirt-bot
added
release-note
|
@tiraboschi , can you please suggest branch to backport this PR to? |
|
/assign @tiraboschi |
mareklibra
changed the title
tools/rotate-certs.sh
Outdated
| formerVersion=$(${_kubectl} get kwebui kubevirt-web-ui -o yaml | grep ' version: '|sed 's/^.*: *\(.*\)$/\1/g') | ||
| echo Detected former Web UI version: ${formerVersion} | ||
| ${_kubectl} patch kwebui kubevirt-web-ui --patch '{"spec": {"version": ""}}' --type=merge # undeploy | ||
| sleep 15 # give kubevirt-web-ui-operator enough time to react, but it's usually instant |
There was a problem hiding this comment.
The web-ui-operator needs to start reconciliation (means undeployment). We do not need to wait till it's finished.
mareklibra
force-pushed
the
bz1768751.web-ui.rotateCert
branch
from
01d1970 to
0e54afe
Compare
Good point, thank you. This should be valid for 1.4.Z only. I have added check for presence of the corresponding CRD. |
tools/rotate-certs.sh
Outdated
| formerVersion=$(${_kubectl} get kwebui kubevirt-web-ui -o yaml | grep ' version: '|sed 's/^.*: *\(.*\)$/\1/g') | ||
| echo Detected former Web UI version: ${formerVersion} | ||
| ${_kubectl} patch kwebui kubevirt-web-ui --patch '{"spec": {"version": ""}}' --type=merge # undeploy | ||
| sleep 15 # give kubevirt-web-ui-operator enough time to react, but it's usually instant |
There was a problem hiding this comment.
An unconditional sleep is not really good. You are probably waiting for the ui-deployment to be scaled down or deleted. Could you either just scale down the deployment (which is waiting), or periodically check that the deployment got deleted?
There was a problem hiding this comment.
Actually I already had code here checking presence of pods (they are about to be terminated). But found that this is not important. The operator just needs to get time to initiate the reconciliation - to start undeployment. We do not need to wait for this undeployment to be finished.
If really requested, I can add similar check back, either based on status in the CR or pod presence, but it will make the code here harder to read with no/very limited benefit.
There was a problem hiding this comment.
What if the undeploy does not happen withing 15 seconds (e.g. temporary error or rbac issue, or whatever)? You would set the version again after 15 seconds. Wouldn't you then risk that no rotation happened at all?
There was a problem hiding this comment.
Ok, waiting is added
|
/lgtm cancel |
mareklibra
force-pushed
the
bz1768751.web-ui.rotateCert
branch
from
0e54afe to
85b7119
Compare
kubevirt-bot
added
dco-signoff: no
tiraboschi
force-pushed
the
bz1768751.web-ui.rotateCert
branch
from
b847104 to
16710d7
Compare
kubevirt-bot
added
dco-signoff: yes
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rmohr, tiraboschi The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/retest |
|
/test pull-hyperconverged-cluster-operator-e2e-k8s-1.15.1 |
|
/retest |
|
/test pull-hyperconverged-cluster-operator-e2e-k8s-1.15.1 |
|
/retest |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1768751 Signed-off-by: Marek Libra <[email protected]>
Co-Authored-By: David Zager <[email protected]> Signed-off-by: Simone Tiraboschi <[email protected]>
mareklibra
force-pushed
the
bz1768751.web-ui.rotateCert
branch
from
16710d7 to
b690c91
Compare
kubevirt-bot
added
dco-signoff: no
Signed-off-by: Marek Libra <[email protected]>
mareklibra
force-pushed
the
bz1768751.web-ui.rotateCert
branch
from
b690c91 to
85663f8
Compare
kubevirt-bot
added
dco-signoff: yes
|
/test pull-hyperconverged-cluster-operator-e2e-k8s-1.15.1 |
|
/retest |
|
/test pull-hyperconverged-cluster-operator-e2e-k8s-1.15.1 |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1768751
Release note: