1b23e31464
Merge pull request #55 from mattmoyer/switch-to-debian-base
...
Switch to debian base images.
2020-08-13 13:56:11 -05:00
c02b6fee8f
Switch to Debian base images.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-13 13:35:42 -05:00
87eddf8bbd
Add image pull secret as a data value for our ytt templates
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-08-12 17:02:43 -07:00
9648db0837
Update how integration tests which use LoginRequest make their clients
...
- When we call the LoginRequest endpoint in loginrequest_test.go,
do it with an unauthenticated client, to make sure that endpoint works
with unauthenticated clients.
- For tests which want to test using certs returned by LoginRequest to
make API calls back to kube to check if those certs are working, make
sure they start with a bare client and then add only those certs.
Avoid accidentally picking up other kubeconfig configuration like
tokens, etc.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-12 14:30:07 -07:00
ba0b997234
Merge pull request #54 from mattmoyer/add-dns-san
...
Make sure we have an explicit DNS SAN on our API serving certificate.
2020-08-12 12:44:43 -05:00
864db74306
Make sure we have an explicit DNS SAN on our API serving certificate.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-12 11:01:06 -05:00
e48d9faf27
Normalize `ROOT` naming and calculation in hack/
2020-08-12 08:34:17 -07:00
031129778e
Merge pull request #53 from suzerain-io/dependabot/docker/golang-1.15.0-alpine
...
Bump golang from 1.14.7-alpine to 1.15.0-alpine
2020-08-12 10:18:26 -05:00
ed9fdce6a8
hack/module.sh: sort modules for deterministic runs
...
find(1) seems to look at directory entries in the order in which they exist
in the directory fs entry. Let's sort these so that we get the same results
regardless of the order of the directory entries.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-12 09:36:33 -04:00
d2f6eebc66
Bump golang from 1.14.7-alpine to 1.15.0-alpine
...
Bumps golang from 1.14.7-alpine to 1.15.0-alpine.
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-12 05:50:33 +00:00
4cb0fd3949
Use a DaemonSet instead of a Deployment to deploy our app
...
- For high availability reasons, we would like our app to scale linearly
with the size of the control plane. Using a DaemonSet allows us to run
one pod on each node-role.kubernetes.io/master node.
- The hope is that the Service that we create should load balance
between these pods appropriately.
2020-08-11 17:55:34 -07:00
e0f0eca512
Add another assertion to certs_manager_test.go
2020-08-11 17:33:06 -07:00
bfabcdcdd1
Add unittest_no_race option to module.sh
...
- Because the race detector is slow when running on a laptop and
sometimes you want quick feedback
2020-08-11 17:28:00 -07:00
224b59e740
test/integration: bump (another) cert expiration delta to help flake
...
Related: 553b519
2020-08-11 17:22:25 -04:00
553b519d0f
test/integration: bump cert expiration delta to help flake
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 16:09:31 -04:00
b80f3148fd
Merge pull request #43 from suzerain-io/cert_controllers
...
Refactor cert generation code into controllers
2020-08-11 12:36:30 -07:00
d6e745203d
Revert "Add a FAKE API change to test codegen verification in CI"
...
This reverts commit 28a500fce9
2020-08-11 14:57:14 -04:00
0806074d94
hack/update-codegen.sh: really fix symlink paths
...
This is totally gonna be it.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:50:43 -04:00
13d4a38eca
hack/update-codegen.sh: fix symlink paths
...
Wow fun times with symlinks. We *think* this script should work in CI
now...but we'll see.
Previously we were seeing a false positive where even though the generated
code was out of date, the CI step did not report failure.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:41:04 -04:00
5ec1fbd1ca
Add an assertion that the private key and cert chain match in certs_manager_test.go
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-11 10:39:50 -07:00
fadd718d08
Add integration and more unit tests
...
- Add integration test for serving cert auto-generation and rotation
- Add unit test for `WithInitialEvent` of the cert manager controller
- Move UpdateAPIService() into the `apicerts` package, since that is
the only user of the function.
2020-08-11 10:14:57 -07:00
28a500fce9
Add a FAKE API change to test codegen verification in CI
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 11:19:52 -04:00
745775bf4b
Merge pull request #44 from ankeesler/verify-in-ci
...
hack/verify-codegen.sh: make this script runnable from CI
2020-08-11 11:00:49 -04:00
ce3de2b516
hack/verify-codegen.sh: updates to be run in CI
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 10:18:47 -04:00
8034ef24ff
Fix a mistake from the previous commit
...
- Got the order of multiple return values backwards, which was caught
by the integration tests
2020-08-10 19:34:45 -07:00
626fc6aa8d
Merge branch 'main' into cert_controllers
2020-08-10 19:01:36 -07:00
cc9ae23a0c
Add tests for the new cert controllers and some other small refactorings
...
- Add a unit test for each cert controller
- Make DynamicTLSServingCertProvider an interface and use a mutex
internally
- Create a shared ToPEM function instead of having two very similar
functions
- Move the ObservableWithInformerOption test helper to testutils
- Rename some variables and imports
2020-08-10 18:53:53 -07:00
7152ffd730
Merge pull request #48 from mattmoyer/extend-dependabot-config
...
Add additional go.mod directories to dependabot.
2020-08-10 12:11:27 -05:00
6300898810
Add additional go.mod directories to dependabot.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 12:09:32 -05:00
7c8876a812
Merge pull request #47 from suzerain-io/dependabot/docker/golang-1.14.7-alpine
...
Bump golang from 1.14.6-alpine to 1.14.7-alpine
2020-08-10 12:00:28 -05:00
b3df59ca13
Bump golang from 1.14.6-alpine to 1.14.7-alpine
...
Bumps golang from 1.14.6-alpine to 1.14.7-alpine.
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-10 16:46:08 +00:00
b4130af2bf
Merge pull request #46 from mattmoyer/downgrade-base-image
...
Temporarily downgrade our Docker base image to trigger dependabot.
2020-08-10 11:45:35 -05:00
5394008d6f
Temporarily downgrade our Docker base image to trigger dependabot.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:44:47 -05:00
3583f7a09f
Merge pull request #45 from mattmoyer/add-dependabot-config
...
Add dependabot YAML configuration.
2020-08-10 11:38:35 -05:00
df3c387f2e
Add dependabot YAML configuration.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:37:52 -05:00
fa0533fae9
hack/module.sh: update usage with unittest command
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-10 10:18:36 -04:00
86c3f89b2e
First draft of moving API server TLS cert generation to controllers
...
- Refactors the existing cert generation code into controllers
which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
for cert expiration, and no leader election to allow for
multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00
b00cec954e
Pre-factor server.go
...
- No functional changes
- Move all the stuff about clients and controllers into the controller
package
- Add more comments and organize the code more into more helper
functions to make each function smaller
2020-08-07 14:49:04 -07:00
b379d5148c
Merge pull request #42 from mattmoyer/monorepo-deux
...
🚝 Monorepo!🚝 (redux)
2020-08-06 21:07:50 -05:00
aecd005c60
Disable ./hack/verify-codegen.sh in CI since we don't have Docker available yet.
...
This seems fixable but not in a trivial way from what I could tell.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:52:28 -05:00
6dd331b21d
Use Go's `-short` flag as a way to avoid running integration tests.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:44:14 -05:00
c4bbb64622
Fix latent linter issues.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:42:20 -05:00
7143058462
Update hack scripts to use new docker workflow.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
c5d5914866
Split up into multiple modules.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
af656d4b02
Our new directory structure is deeper, so expand this search.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
9e9868bd16
Add `hack/module.sh` script to run module tasks
...
The script knows `tidy`, `lint`, and `test`
2020-08-06 20:09:15 -05:00
cbe4c1b370
Pull placeholder-name-api back into this repo as a library.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:09:15 -05:00
ad55f9e310
Pull placeholder-name-client-go back into this repo as a library.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 19:38:13 -05:00
0b4590b237
Now that we have a testutil package, put ioutil.go into it
...
Signed-off-by: Ryan Richard <richardry@vmware.com>
2020-08-06 15:19:09 -07:00
f10c61f591
Add request logging to the create LoginRequest endpoint
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-06 15:14:30 -07:00
Matt Moyer