[v0.10] [SURE-8993] Backport of CABundle secret not created for gitjob #2829

Closed
manno opened this issue Sep 11, 2024 · 1 comment

manno commented Sep 11, 2024

Backport of #2824

Pull request content for Rancher QA verification.

Problem

When a user specifies a CA in a GitRepo resource, the CA data should be put into a secret. The job that clones the repo and creates the bundle mounts the secret.
The secret was never created. However, the secret was mounted on the job's pod, so the job would never start. K8s will emit an event like this:

fleet-local 46s Warning FailedMount pod/simple-aa0c4-4lrcx MountVolume.SetUp failed for volume "additional-ca" : secret "simple-cabundle" not found

Solution

The code to create the secret was re-added.

Testing

Engineering Testing

Manual Testing

We created the secret manually and observed the job to complete. We then added the code to create it, added a GitRepo with an arbitrary CA bundle and the job completed.
After deleting the GitRepo, the secret is removed, too.

Automated Testing

We only test that gitcloner works with a CA; apparently we don't have a test that makes sure the gitops controller creates the secret for the job.

@manno manno added this to Fleet Sep 11, 2024
@github-project-automation github-project-automation bot moved this to 🆕 New in Fleet Sep 11, 2024
@manno manno moved this from 🆕 New to 👀 In review in Fleet Sep 11, 2024
@manno manno added the JIRA Must shout label Sep 11, 2024
@manno manno added this to the v2.9.2 milestone Sep 11, 2024
@manno manno moved this from 👀 In review to Needs QA review in Fleet Sep 11, 2024
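
As an added example (not part of the original issue and not Fleet code), these shell functions scan `kubectl get events -A` output for the symptom quoted in the Problem section: a pod blocked on a Secret volume that does not exist. The sample events are constructed, and treating a `-cabundle` suffix as the GitRepo CA secret is an assumption taken from the single secret name shown in that event.

```shell
#!/bin/sh
# Added example, not Fleet code. Input is `kubectl get events -A` text with
# columns: NAMESPACE, LAST SEEN, TYPE, REASON, OBJECT, MESSAGE.

# Print "namespace pod volume secret" once per pod mount blocked on a missing Secret.
missing_secret_mounts() {
  awk '
    $3 == "Warning" && $4 == "FailedMount" && $5 ~ /^pod\// {
      # The message starts at field 6; rebuild it to match the quoted names.
      msg = ""
      for (i = 6; i <= NF; i++) msg = (i == 6) ? $i : msg " " $i
      if (!match(msg, /volume "[^"]+"/)) next
      vol = substr(msg, RSTART + 8, RLENGTH - 9)
      # Only missing Secrets count; a missing ConfigMap is a different fault.
      if (!match(msg, /secret "[^"]+" not found/)) next
      sec = substr(msg, RSTART + 8, RLENGTH - 19)
      key = $1 " " substr($5, 5) " " vol " " sec
      if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Assumption: GitRepo CA secrets end in "-cabundle", as in the event in the issue.
missing_cabundle_secrets() {
  missing_secret_mounts | awk '$4 ~ /-cabundle$/'
}

# Constructed sample events; the first data row mirrors the event in the issue.
sample_events() {
  cat <<'EOF'
NAMESPACE    LAST SEEN  TYPE     REASON       OBJECT                  MESSAGE
fleet-local  46s        Warning  FailedMount  pod/simple-aa0c4-4lrcx  MountVolume.SetUp failed for volume "additional-ca" : secret "simple-cabundle" not found
fleet-local  12s        Warning  FailedMount  pod/simple-aa0c4-4lrcx  MountVolume.SetUp failed for volume "additional-ca" : secret "simple-cabundle" not found
fleet-local  3m         Normal   Scheduled    pod/simple-aa0c4-4lrcx  Successfully assigned fleet-local/simple-aa0c4-4lrcx to node-1
default      20s        Warning  FailedMount  pod/web-0               MountVolume.SetUp failed for volume "config" : configmap "web-config" not found
default      9s         Warning  FailedMount  pod/web-0               MountVolume.SetUp failed for volume "tls" : secret "web-tls" not found
EOF
}

sample_events | missing_cabundle_secrets
# Live cluster: kubectl get events -A | missing_cabundle_secrets
```
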
@mmartin24

Tested via UI in Rancher v2.9.2-alpha5 with Fleet rancher/fleet:v0.10.2-rc.4


Testing Steps:

  • In Rancher, create local repo, for example:
    URL: https://github.com/rancher/fleet-examples
    Branch: master
    Path: simple
  • Create CA bundle by adding in option Select TLS Certificate Verification -> Specified additional certificates to be accepted and example Certificate as this one.
  • Create git repo

  • Checked CABundle secret is created and GitRepo successfully deployed in both local and downstream clusters. The screenshots show before / after the fix:
    Before fix: [screenshot: before_cabundle_fix]
    After fix: [screenshot: ok_ca_bundle]

  • Checked secret is removed after Gitrepo deletion

  • Checked that a non-working example with fleet:v0.10.0 works after upgrading to rancher/fleet:v0.10.2-rc.4 and forcing an update.


Further steps:
Added this example into QASE under https://app.qase.io/case/FLEET-142 to be automated
We will automate CA Bundle creation, ensure secret for this purpose is created and also removed after gitjob deletion.
