Honour the WEBHOOK_TLS_CERT_DIR env. variable for finding the Webhook TLS certificate #1157
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…bhook TLS certificate - Crosslane versions before v1.14 mount the Webhook TLS certificate and key at a path other than the current default /tls/certs and make the location available via the environment variable WEBHOOK_TLS_CERT_DIR. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
|
/test-examples="examples/ec2/v1beta1/vpc.yaml" |
1 task
sergenyalcin
approved these changes
Feb 15, 2024
There was a problem hiding this comment.
Thanks @ulucinar LGTM! Left a nit comment for documentation.
ulucinar
changed the title
|
/test-examples="examples/ec2/v1beta2/route.yaml" |
…s/ec2/v1beta2/route.yaml Add the uptest.upbound.io/disable-import annotation for Route.ec2 due to an uptest limitation. - Document the PreAction usage for the command-line flag "--certs-dir" Signed-off-by: Alper Rifat Ulucinar <[email protected]>
|
/test-examples="examples/ec2/v1beta2/route.yaml" |
|
Backport failed for Please cherry-pick the changes locally. git fetch origin release-0.47
git worktree add -d .worktree/backport-1157-to-release-0.47 origin/release-0.47
cd .worktree/backport-1157-to-release-0.47
git checkout -b backport-1157-to-release-0.47
ancref=$(git merge-base 81d43d08e42c7cdc8a3f73199c8707300f3480cb 6279a766d3dce638e5e2d52274f2629d34063843)
git cherry-pick -x $ancref..6279a766d3dce638e5e2d52274f2629d34063843 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of your changes
Fixes #1147
Crosslane versions before v1.14 mount the Webhook TLS certificate and key at a path other than the current default
/tls/certsand make that location available via the environment variableWEBHOOK_TLS_CERT_DIR.provider-awscurrently relies on the default path and theCERTS_DIRenvironment variable, breaking installations prior tov1.14. This PR implements the following protocol for configuring the conversion Webhook TLS certificate & key configuration:--certs-dircommand-line option is supplied, it's used.--certs-dircommand-line option is not supplied, the following environment variables are used in the given order:CERTS_DIR(for backwards-compatibility reasons),TLS_SERVER_CERTS_DIR(the new environment variable, which has replaced theWEBHOOK_TLS_CERT_DIRenv. variable in Crossplane), andWEBHOOK_TLS_CERT_DIR(for backwards-compatibility).This PR also fixes the example manifest
examples/ec2/v1beta2/route.yaml, where a non-existent version ofRouteTable.ec2is referenced.I have:
make reviewable testto ensure this PR is ready for review.How has this code been tested
Successfully provisioned a
Route.ec2/v1beta2resource usingexamples/ec2/v1beta2/route.yamlwith the following setup:v1.13.2-up.3index.docker.io/ulucinar/provider-aws-ec2:v0.48.0-ecf7ae9ad372b96dad94e52f6e7aae9b6db44063(built from this PR's feature branch)Also validated using:
v1.14.5-up.1index.docker.io/ulucinar/provider-aws-ec2:v0.48.0-ecf7ae9ad372b96dad94e52f6e7aae9b6db44063Uptest run for the modified example manifest
examples/ec2/v1beta2/route.yaml: https://github.com/upbound/provider-aws/actions/runs/7917023305/