Queue multi-level trust #14063

Closed
wants to merge 5 commits into from

Contributor

@davidhadas davidhadas commented Jun 4, 2023

Fixes #13979

Proposed Changes

  • Moved Queue from InternalEncryption flag to Trust levels
  • Support Queue mTLS
  • Support Queue reloading updates in the certificate and CA from the secret

Release Note

We added alpha support for dataplane-trust network options of Queue including TLS or mTLS and an appropriate set of certificates to implement trust between Activator and Queue.

@knative-prow knative-prow bot requested review from evankanderson and KauzClay June 4, 2023 11:51
@knative-prow knative-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/API API objects and controllers area/autoscale area/networking area/test-and-release It flags unit/e2e/conformance/perf test issues for product features labels Jun 4, 2023
knative-prow bot commented Jun 4, 2023

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: davidhadas
Once this PR has been reviewed and has the lgtm label, please assign pierdipi for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@davidhadas davidhadas changed the title from "continue trust work" to "Queue multi-level trust" Jun 4, 2023
codecov bot commented Jun 4, 2023

Codecov Report

Patch coverage: 3.33% and project coverage change: -0.49 ⚠️

Comparison is base (349b2d6) 86.21% compared to head (d8ec34f) 85.72%.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14063      +/-   ##
==========================================
- Coverage   86.21%   85.72%   -0.49%     
==========================================
  Files         199      200       +1     
  Lines       14767    14854      +87     
==========================================
+ Hits        12731    12734       +3     
- Misses       1734     1818      +84     
  Partials      302      302              
Impacted Files Coverage Δ
pkg/queue/sharedmain/cache.go 0.00% <0.00%> (ø)
pkg/queue/sharedmain/main.go 0.85% <0.00%> (-0.02%) ⬇️
pkg/reconciler/revision/resources/deploy.go 90.13% <0.00%> (ø)
pkg/reconciler/revision/revision.go 92.13% <0.00%> (ø)
pkg/reconciler/revision/resources/queue.go 98.25% <100.00%> (+0.01%) ⬆️


@davidhadas
Contributor Author

/retest

istio-latest-no-mesh-tls_serving_main — Job failed. BaseSHA:349b2d61b0e82efda4f713e5d6f2c31f3fa9ff1c
istio-latest-no-mesh_serving_main — Job failed. BaseSHA:349b2d61b0e82efda4f713e5d6f2c31f3fa9ff1c
upgrade-tests_serving_main — Jo

@davidhadas
Contributor Author

Ready for review

/hold
merge after #13969

@knative-prow knative-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jun 4, 2023
@davidhadas
Contributor Author

/retest

@knative-prow-robot knative-prow-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jun 7, 2023
@knative-prow-robot
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@davidhadas
Contributor Author

See #13968

@davidhadas davidhadas closed this Jul 25, 2023
Successfully merging this pull request may close these issues.

Add DataPlan-Trust implementation for Queue