Matt Moyer
76a44ecd58
Add some development notes to the README for now.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 14:49:13 -05:00
Matt Moyer
787cf47c39
Standardize whitespace/newlines for consistency.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 14:42:49 -05:00
Matt Moyer
9376f034ea
Mask this testing-only private key so we don't alert on it.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 14:42:22 -05:00
Matt Moyer
1977dc2ce7
Add a .pre-commit-config.yaml file.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 14:41:11 -05:00
Matt Moyer
50e70f73ae
Merge pull request #59 from mattmoyer/pin-image-hashes
...
Pin images to exact hashes (Dependabot can handle this, it seems).
2020-08-14 10:33:41 -05:00
Matt Moyer
0d034cd18e
Pin images to exact hashes (Dependabot can handle this, it seems).
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-14 10:04:43 -05:00
Andrew Keesler
6e46ff345a
Run ./hack/module.sh tidy
...
I'm assuming if any of this is wrong, someone will yell at me...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-14 09:16:48 -04:00
Ryan Richard
b6c468117e
Set the type
on the image pull Secret
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-13 13:34:23 -07:00
Matt Moyer
1b23e31464
Merge pull request #55 from mattmoyer/switch-to-debian-base
...
Switch to debian base images.
2020-08-13 13:56:11 -05:00
Matt Moyer
c02b6fee8f
Switch to Debian base images.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-13 13:35:42 -05:00
Ryan Richard
87eddf8bbd
Add image pull secret as a data value for our ytt templates
...
Signed-off-by: Aram Price <pricear@vmware.com>
2020-08-12 17:02:43 -07:00
Ryan Richard
9648db0837
Update how integration tests which use LoginRequest make their clients
...
- When we call the LoginRequest endpoint in loginrequest_test.go,
do it with an unauthenticated client, to make sure that endpoint works
with unauthenticated clients.
- For tests which want to test using certs returned by LoginRequest to
make API calls back to kube to check if those certs are working, make
sure they start with a bare client and then add only those certs.
Avoid accidentally picking up other kubeconfig configuration like
tokens, etc.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-12 14:30:07 -07:00
Matt Moyer
ba0b997234
Merge pull request #54 from mattmoyer/add-dns-san
...
Make sure we have an explicit DNS SAN on our API serving certificate.
2020-08-12 12:44:43 -05:00
Matt Moyer
864db74306
Make sure we have an explicit DNS SAN on our API serving certificate.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-12 11:01:06 -05:00
aram price
e48d9faf27
Normalize ROOT
naming and calculation in hack/
2020-08-12 08:34:17 -07:00
Matt Moyer
031129778e
Merge pull request #53 from suzerain-io/dependabot/docker/golang-1.15.0-alpine
...
Bump golang from 1.14.7-alpine to 1.15.0-alpine
2020-08-12 10:18:26 -05:00
Andrew Keesler
ed9fdce6a8
hack/module.sh: sort modules for deterministic runs
...
find(1) seems to look at directory entries in the order in which they exist
in the directory fs entry. Let's sort these so that we get the same results
regardless of the order of the directory entries.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-12 09:36:33 -04:00
dependabot[bot]
d2f6eebc66
Bump golang from 1.14.7-alpine to 1.15.0-alpine
...
Bumps golang from 1.14.7-alpine to 1.15.0-alpine.
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-12 05:50:33 +00:00
Ryan Richard
4cb0fd3949
Use a DaemonSet instead of a Deployment to deploy our app
...
- For high availability reasons, we would like our app to scale linearly
with the size of the control plane. Using a DaemonSet allows us to run
one pod on each node-role.kubernetes.io/master node.
- The hope is that the Service that we create should load balance
between these pods appropriately.
2020-08-11 17:55:34 -07:00
Ryan Richard
e0f0eca512
Add another assertion to certs_manager_test.go
2020-08-11 17:33:06 -07:00
Ryan Richard
bfabcdcdd1
Add unittest_no_race option to module.sh
...
- Because the race detector is slow when running on a laptop and
sometimes you want quick feedback
2020-08-11 17:28:00 -07:00
Andrew Keesler
224b59e740
test/integration: bump (another) cert expiration delta to help flake
...
Related: 553b519
.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 17:22:25 -04:00
Andrew Keesler
553b519d0f
test/integration: bump cert expiration delta to help flake
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 16:09:31 -04:00
Ryan Richard
b80f3148fd
Merge pull request #43 from suzerain-io/cert_controllers
...
Refactor cert generation code into controllers
2020-08-11 12:36:30 -07:00
Andrew Keesler
d6e745203d
Revert "Add a FAKE API change to test codegen verification in CI"
...
This reverts commit 28a500fce9
.
2020-08-11 14:57:14 -04:00
Aram Price
0806074d94
hack/update-codegen.sh: really fix symlink paths
...
This is totally gonna be it.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:50:43 -04:00
Aram Price
13d4a38eca
hack/update-codegen.sh: fix symlink paths
...
Wow fun times with symlinks. We *think* this script should work in CI
now...but we'll see.
Previously we were seeing a false positive where even though the generated
code was out of date, the CI step did not report failure.
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 14:41:04 -04:00
Ryan Richard
5ec1fbd1ca
Add an assertion that the private key and cert chain match in certs_manager_test.go
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-11 10:39:50 -07:00
Ryan Richard
fadd718d08
Add integration and more unit tests
...
- Add integration test for serving cert auto-generation and rotation
- Add unit test for `WithInitialEvent` of the cert manager controller
- Move UpdateAPIService() into the `apicerts` package, since that is
the only user of the function.
2020-08-11 10:14:57 -07:00
Andrew Keesler
28a500fce9
Add a FAKE API change to test codegen verification in CI
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 11:19:52 -04:00
Andrew Keesler
745775bf4b
Merge pull request #44 from ankeesler/verify-in-ci
...
hack/verify-codegen.sh: make this script runnable from CI
2020-08-11 11:00:49 -04:00
Andrew Keesler
ce3de2b516
hack/verify-codegen.sh: updates to be run in CI
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-11 10:18:47 -04:00
Ryan Richard
8034ef24ff
Fix a mistake from the previous commit
...
- Got the order of multiple return values backwards, which was caught
by the integration tests
2020-08-10 19:34:45 -07:00
Ryan Richard
626fc6aa8d
Merge branch 'main' into cert_controllers
2020-08-10 19:01:36 -07:00
Ryan Richard
cc9ae23a0c
Add tests for the new cert controllers and some other small refactorings
...
- Add a unit test for each cert controller
- Make DynamicTLSServingCertProvider an interface and use a mutex
internally
- Create a shared ToPEM function instead of having two very similar
functions
- Move the ObservableWithInformerOption test helper to testutils
- Rename some variables and imports
2020-08-10 18:53:53 -07:00
Matt Moyer
7152ffd730
Merge pull request #48 from mattmoyer/extend-dependabot-config
...
Add additional go.mod directories to dependabot.
2020-08-10 12:11:27 -05:00
Matt Moyer
6300898810
Add additional go.mod directories to dependabot.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 12:09:32 -05:00
Matt Moyer
7c8876a812
Merge pull request #47 from suzerain-io/dependabot/docker/golang-1.14.7-alpine
...
Bump golang from 1.14.6-alpine to 1.14.7-alpine
2020-08-10 12:00:28 -05:00
dependabot[bot]
b3df59ca13
Bump golang from 1.14.6-alpine to 1.14.7-alpine
...
Bumps golang from 1.14.6-alpine to 1.14.7-alpine.
Signed-off-by: dependabot[bot] <support@github.com>
2020-08-10 16:46:08 +00:00
Matt Moyer
b4130af2bf
Merge pull request #46 from mattmoyer/downgrade-base-image
...
Temporarily downgrade our Docker base image to trigger dependabot.
2020-08-10 11:45:35 -05:00
Matt Moyer
5394008d6f
Temporarily downgrade our Docker base image to trigger dependabot.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:44:47 -05:00
Matt Moyer
3583f7a09f
Merge pull request #45 from mattmoyer/add-dependabot-config
...
Add dependabot YAML configuration.
2020-08-10 11:38:35 -05:00
Matt Moyer
df3c387f2e
Add dependabot YAML configuration.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-10 11:37:52 -05:00
Andrew Keesler
fa0533fae9
hack/module.sh: update usage with unittest command
...
Signed-off-by: Andrew Keesler <akeesler@vmware.com>
2020-08-10 10:18:36 -04:00
Ryan Richard
86c3f89b2e
First draft of moving API server TLS cert generation to controllers
...
- Refactors the existing cert generation code into controllers
which read and write a Secret containing the certs
- Does not add any new functionality yet, e.g. no new handling
for cert expiration, and no leader election to allow for
multiple servers running simultaneously
- This commit also doesn't add new tests for the cert generation
code, but it should be more unit testable now as controllers
2020-08-09 10:04:05 -07:00
Ryan Richard
b00cec954e
Pre-factor server.go
...
- No functional changes
- Move all the stuff about clients and controllers into the controller
package
- Add more comments and organize the code more into more helper
functions to make each function smaller
2020-08-07 14:49:04 -07:00
Matt Moyer
b379d5148c
Merge pull request #42 from mattmoyer/monorepo-deux
...
🚝 Monorepo!🚝 (redux)
2020-08-06 21:07:50 -05:00
Matt Moyer
aecd005c60
Disable ./hack/verify-codegen.sh in CI since we don't have Docker available yet.
...
This seems fixable but not in a trivial way from what I could tell.
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:52:28 -05:00
Matt Moyer
6dd331b21d
Use Go's -short
flag as a way to avoid running integration tests.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:44:14 -05:00
Matt Moyer
c4bbb64622
Fix latent linter issues.
...
Signed-off-by: Matt Moyer <moyerm@vmware.com>
2020-08-06 20:42:20 -05:00