ContainerImage.Pinniped

Commit Graph

Author	SHA1	Message	Date
Ryan Richard	80153f9a80	Allow app to start despite failing to borrow the cluster signing key - Controller and aggregated API server are allowed to run - Keep retrying to borrow the cluster signing key in case the failure to get it was caused by a transient failure - The CredentialRequest endpoint will always return an authentication failure as long as the cluster signing key cannot be borrowed - Update which integration tests are skipped to reflect what should and should not work based on the cluster's capability under this new behavior - Move CreateOrUpdateCredentialIssuerConfig() and related methods to their own file - Update the CredentialIssuerConfig's Status every time we try to refresh the cluster signing key	2020-08-25 18:22:53 -07:00
Matt Moyer	1b9a70d089	Switch back to an exec-based approach to grab the controller-manager CA. (#65 ) This switches us back to an approach where we use the Pod "exec" API to grab the keys we need, rather than forcing our code to run on the control plane node. It will help us fail gracefully (or dynamically switch to alternate implementations) when the cluster is not self-hosted. Signed-off-by: Matt Moyer <moyerm@vmware.com> Co-authored-by: Ryan Richard <richardry@vmware.com>	2020-08-19 13:21:07 -05:00
Ryan Richard	f10c61f591	Add request logging to the create LoginRequest endpoint Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-06 15:14:30 -07:00

Author

SHA1

Message

Date

Ryan Richard

80153f9a80

Allow app to start despite failing to borrow the cluster signing key

- Controller and aggregated API server are allowed to run
- Keep retrying to borrow the cluster signing key in case the failure
  to get it was caused by a transient failure
- The CredentialRequest endpoint will always return an authentication
  failure as long as the cluster signing key cannot be borrowed
- Update which integration tests are skipped to reflect what should
  and should not work based on the cluster's capability under this
  new behavior
- Move CreateOrUpdateCredentialIssuerConfig() and related methods
  to their own file
- Update the CredentialIssuerConfig's Status every time we try to
  refresh the cluster signing key

2020-08-25 18:22:53 -07:00

Matt Moyer

1b9a70d089

Switch back to an exec-based approach to grab the controller-manager CA. (#65 )

This switches us back to an approach where we use the Pod "exec" API to grab the keys we need, rather than forcing our code to run on the control plane node. It will help us fail gracefully (or dynamically switch to alternate implementations) when the cluster is not self-hosted.

Signed-off-by: Matt Moyer <moyerm@vmware.com>
Co-authored-by: Ryan Richard <richardry@vmware.com>

2020-08-19 13:21:07 -05:00

Ryan Richard

f10c61f591

Add request logging to the create LoginRequest endpoint

Signed-off-by: Andrew Keesler <akeesler@vmware.com>

2020-08-06 15:14:30 -07:00

3 Commits