Re-generate test/config/tls/cert-secret.yaml by nak3 · Pull Request #14324 · knative/serving

nak3 · 2023-09-01T03:10:02Z

Current tls e2e test always fails due to service_to_service_test.go:168: Failed to start endpoint of httpproxy: response: status: 502, body: x509: certificate has expired or is not yet valid: current time 2023-08-31T13:27:40Z is after 2023-08-31T09:13:11Z for example #14323

This is caused by expired certificate in test/config/tls/cert-secret.yaml:

        Validity
            Not Before: Aug 31 09:13:11 2022 GMT
            Not After : Aug 31 09:13:11 2023 GMT
        Subject: O = Knative Community, CN = example.com

Hence, this patch re-generates the secret by:

$ cd test/config/tls/
$ ./generate.sh

Also, it expands the expired date to 10 years.

Release Note

NONE

codecov · 2023-09-01T03:17:20Z

Codecov Report

Patch coverage has no change and project coverage change: +0.02% 🎉

Comparison is base (8dbb2d3) 86.04% compared to head (5d0b6b0) 86.06%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #14324      +/-   ##
==========================================
+ Coverage   86.04%   86.06%   +0.02%     
==========================================
  Files         196      196              
  Lines       14781    14781              
==========================================
+ Hits        12718    12721       +3     
+ Misses       1754     1753       -1     
+ Partials      309      307       -2

see 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

ReToCode

/lgtm
/approve

knative-prow · 2023-09-01T06:45:14Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nak3, ReToCode

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~test/OWNERS~~ [nak3]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

* [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/update-codegen.sh --upgrade --release 1.11

* [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/upgrade

* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <dprotaso@gmail.com> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Dave Protasowski <dprotaso@gmail.com> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Update secure-pod-defaults patch * Use a static value for S-O branch --------- Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com> Co-authored-by: dprotaso <dprotaso@gmail.com> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Update secure-pod-defaults patch --------- Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> --------- Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

* Min TLS for tag to digest defaults to 1.2 again and is configurable (knative#13963) quay.io only supports 1.2 Co-authored-by: dprotaso <dprotaso@gmail.com> * drop safe to evict annotations (knative#14051) this prevents nodes from draining Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] RandomChoice 2 policy wasn't random when the number of targets is 2 (with equal weight) (knative#14052) * RandomChoice 2 policy wasn't random when the number of targets is 2 * fix linting --------- Co-authored-by: dprotaso <dprotaso@gmail.com> * [release-1.10] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14377) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot * fix perms --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Dave Protasowski <dprotaso@gmail.com> * Leave a comment which will trigger a new dot release (knative#14501) * [release-1.10] bump x/net to v0.17 (knative#14517) * [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/upgrade * Bound buffer for reading stats (knative#14541) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> --------- Co-authored-by: Knative Prow Robot <knative-prow-robot@google.com> Co-authored-by: dprotaso <dprotaso@gmail.com> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com>

…#439) Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

* [release-1.11] fix securityContext for Knative Service Pod (user-container and queue-proxy) (knative#14378) * add seccompProfile to queue container security context * run as non root by default * update tests to expect new default run as nonroot --------- Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> * Leave a comment which will trigger a new dot release (knative#14500) * [release-1.11] bump x/net to v0.17 (knative#14516) * [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (knative#14324) * Run hack/update-codegen.sh --upgrade --release 1.11 * Bound buffer for reading stats (knative#14542) Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> * upgrade to latest dependencies (knative#14552) bumping knative.dev/pkg bd99f2f...56bfe0d: > 56bfe0d [release-1.11] [CVE-2023-44487] Disable http2 for webhooks (# 2875) bumping knative.dev/caching 24ff723...ee89f75: > ee89f75 upgrade to latest dependencies (# 797) Signed-off-by: Knative Automation <automation@knative.team> * Upgrade grpc for addressing GHSA-m425-mq94-257g (knative#14579) More info at GHSA-m425-mq94-257g * remove duplicate 'additionalPrinterColumns' (knative#14654) Signed-off-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Kenny Leung <kleung@chainguard.dev> * [release-1.11] Bump to fix knative#14732 (knative#14734) * Bump to fix knative#14732 * Bump to fix serving/knative#14732 * Sync with upstream release-1.11 --------- Signed-off-by: Knative Automation <automation@knative.team> Signed-off-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Knative Prow Robot <automation+prow-robot@knative.team> Co-authored-by: Clay Kauzlaric <ckauzlaric@vmware.com> Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com> Co-authored-by: Evan Anderson <evan.k.anderson@gmail.com> Co-authored-by: Knative Automation <automation@knative.team> Co-authored-by: Juan Sanin <jsanin@vmware.com> Co-authored-by: Kenny Leung <kleung@chainguard.dev> Co-authored-by: Dave Protasowski <dprotaso@gmail.com>

Re-generate test/config/tls/cert-secret.yaml

5d0b6b0

knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Sep 1, 2023

knative-prow bot requested review from evankanderson and mgencur September 1, 2023 03:10

knative-prow bot added the area/test-and-release It flags unit/e2e/conformance/perf test issues for product features label Sep 1, 2023

ReToCode approved these changes Sep 1, 2023

View reviewed changes

knative-prow bot assigned ReToCode Sep 1, 2023

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Sep 1, 2023

knative-prow bot merged commit 005838b into knative:main Sep 1, 2023

nak3 added a commit to nak3/serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

10b2545

openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324) (#438)

5d8df1f

openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

a932d57

openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

2b0e106

openshift-cherrypick-robot pushed a commit to openshift-cherrypick-robot/knative-serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

3081924

openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324) (#440)

d48a7bb

Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 4, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324) (#441)

38a9385

Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

openshift-merge-robot pushed a commit to openshift-knative/serving that referenced this pull request Sep 5, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324) (#439)

44fdf38

Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

nak3 added a commit to nak3/serving that referenced this pull request Oct 12, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

a2c6466

nak3 added a commit to nak3/serving that referenced this pull request Oct 12, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324)

1ed759b

knative-prow bot pushed a commit that referenced this pull request Oct 12, 2023

[release-1.11] bump x/net to v0.17 (#14516)

4ff7168

* [release-1.11] bump x/net to v1.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/update-codegen.sh --upgrade --release 1.11

knative-prow bot pushed a commit that referenced this pull request Oct 12, 2023

[release-1.10] bump x/net to v0.17 (#14517)

bdc9865

* [release-1.10] bump x/net to v0.17 * Re-generate test/config/tls/cert-secret.yaml (#14324) * Run hack/upgrade

nak3 mentioned this pull request Oct 13, 2023

Kourier/TLS Kind E2E Tests is flakey #14511

Closed

mgencur pushed a commit to mgencur/serving-1 that referenced this pull request Nov 16, 2023

Re-generate test/config/tls/cert-secret.yaml (knative#14324) (knative…

066e3e9

…#439) Co-authored-by: Kenjiro Nakayama <nakayamakenjiro@gmail.com>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Re-generate test/config/tls/cert-secret.yaml#14324

Re-generate test/config/tls/cert-secret.yaml#14324
knative-prow[bot] merged 1 commit intoknative:mainfrom
nak3:re-generate-test/config/tls/cert-secret.yaml

nak3 commented Sep 1, 2023

Uh oh!

codecov bot commented Sep 1, 2023

Uh oh!

ReToCode left a comment

Uh oh!

knative-prow bot commented Sep 1, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

nak3 commented Sep 1, 2023

Uh oh!

codecov bot commented Sep 1, 2023

Codecov Report

Uh oh!

ReToCode left a comment

Choose a reason for hiding this comment

Uh oh!

knative-prow bot commented Sep 1, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants