ContainerImage.Pinniped

Author	SHA1	Message	Date
Matt Moyer	9376f034ea	Mask this testing-only private key so we don't alert on it. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-14 14:42:22 -05:00
Matt Moyer	1977dc2ce7	Add a .pre-commit-config.yaml file. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-14 14:41:11 -05:00
Matt Moyer	50e70f73ae	Merge pull request #59 from mattmoyer/pin-image-hashes Pin images to exact hashes (Dependabot can handle this, it seems).	2020-08-14 10:33:41 -05:00
Matt Moyer	0d034cd18e	Pin images to exact hashes (Dependabot can handle this, it seems). Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-14 10:04:43 -05:00
Andrew Keesler	6e46ff345a	Run ./hack/module.sh tidy I'm assuming if any of this is wrong, someone will yell at me... Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-14 09:16:48 -04:00
Ryan Richard	b6c468117e	Set the `type` on the image pull `Secret` Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-13 13:34:23 -07:00
Matt Moyer	1b23e31464	Merge pull request #55 from mattmoyer/switch-to-debian-base Switch to debian base images.	2020-08-13 13:56:11 -05:00
Matt Moyer	c02b6fee8f	Switch to Debian base images. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-13 13:35:42 -05:00
Ryan Richard	87eddf8bbd	Add image pull secret as a data value for our ytt templates Signed-off-by: Aram Price <pricear@vmware.com>	2020-08-12 17:02:43 -07:00
Ryan Richard	9648db0837	Update how integration tests which use LoginRequest make their clients - When we call the LoginRequest endpoint in loginrequest_test.go, do it with an unauthenticated client, to make sure that endpoint works with unauthenticated clients. - For tests which want to test using certs returned by LoginRequest to make API calls back to kube to check if those certs are working, make sure they start with a bare client and then add only those certs. Avoid accidentally picking up other kubeconfig configuration like tokens, etc. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-12 14:30:07 -07:00
Matt Moyer	ba0b997234	Merge pull request #54 from mattmoyer/add-dns-san Make sure we have an explicit DNS SAN on our API serving certificate.	2020-08-12 12:44:43 -05:00
Matt Moyer	864db74306	Make sure we have an explicit DNS SAN on our API serving certificate. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-12 11:01:06 -05:00
aram price	e48d9faf27	Normalize `ROOT` naming and calculation in hack/	2020-08-12 08:34:17 -07:00
Matt Moyer	031129778e	Merge pull request #53 from suzerain-io/dependabot/docker/golang-1.15.0-alpine Bump golang from 1.14.7-alpine to 1.15.0-alpine	2020-08-12 10:18:26 -05:00
Andrew Keesler	ed9fdce6a8	hack/module.sh: sort modules for deterministic runs find(1) seems to look at directory entries in the order in which they exist in the directory fs entry. Let's sort these so that we get the same results regardless of the order of the directory entries. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-12 09:36:33 -04:00
dependabot[bot]	d2f6eebc66	Bump golang from 1.14.7-alpine to 1.15.0-alpine Bumps golang from 1.14.7-alpine to 1.15.0-alpine. Signed-off-by: dependabot[bot] <support@github.com>	2020-08-12 05:50:33 +00:00
Ryan Richard	4cb0fd3949	Use a DaemonSet instead of a Deployment to deploy our app - For high availability reasons, we would like our app to scale linearly with the size of the control plane. Using a DaemonSet allows us to run one pod on each node-role.kubernetes.io/master node. - The hope is that the Service that we create should load balance between these pods appropriately.	2020-08-11 17:55:34 -07:00
Ryan Richard	e0f0eca512	Add another assertion to certs_manager_test.go	2020-08-11 17:33:06 -07:00
Ryan Richard	bfabcdcdd1	Add unittest_no_race option to module.sh - Because the race detector is slow when running on a laptop and sometimes you want quick feedback	2020-08-11 17:28:00 -07:00
Andrew Keesler	224b59e740	test/integration: bump (another) cert expiration delta to help flake Related: `553b519`. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 17:22:25 -04:00
Andrew Keesler	553b519d0f	test/integration: bump cert expiration delta to help flake Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 16:09:31 -04:00
Ryan Richard	b80f3148fd	Merge pull request #43 from suzerain-io/cert_controllers Refactor cert generation code into controllers	2020-08-11 12:36:30 -07:00
Andrew Keesler	d6e745203d	Revert "Add a FAKE API change to test codegen verification in CI" This reverts commit `28a500fce9`.	2020-08-11 14:57:14 -04:00
Aram Price	0806074d94	hack/update-codegen.sh: really fix symlink paths This is totally gonna be it. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 14:50:43 -04:00
Aram Price	13d4a38eca	hack/update-codegen.sh: fix symlink paths Wow fun times with symlinks. We think this script should work in CI now...but we'll see. Previously we were seeing a false positive where even though the generated code was out of date, the CI step did not report failure. Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 14:41:04 -04:00
Ryan Richard	5ec1fbd1ca	Add an assertion that the private key and cert chain match in certs_manager_test.go Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-11 10:39:50 -07:00
Ryan Richard	fadd718d08	Add integration and more unit tests - Add integration test for serving cert auto-generation and rotation - Add unit test for `WithInitialEvent` of the cert manager controller - Move UpdateAPIService() into the `apicerts` package, since that is the only user of the function.	2020-08-11 10:14:57 -07:00
Andrew Keesler	28a500fce9	Add a FAKE API change to test codegen verification in CI Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 11:19:52 -04:00
Andrew Keesler	745775bf4b	Merge pull request #44 from ankeesler/verify-in-ci hack/verify-codegen.sh: make this script runnable from CI	2020-08-11 11:00:49 -04:00
Andrew Keesler	ce3de2b516	hack/verify-codegen.sh: updates to be run in CI Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-11 10:18:47 -04:00
Ryan Richard	8034ef24ff	Fix a mistake from the previous commit - Got the order of multiple return values backwards, which was caught by the integration tests	2020-08-10 19:34:45 -07:00
Ryan Richard	626fc6aa8d	Merge branch 'main' into cert_controllers	2020-08-10 19:01:36 -07:00
Ryan Richard	cc9ae23a0c	Add tests for the new cert controllers and some other small refactorings - Add a unit test for each cert controller - Make DynamicTLSServingCertProvider an interface and use a mutex internally - Create a shared ToPEM function instead of having two very similar functions - Move the ObservableWithInformerOption test helper to testutils - Rename some variables and imports	2020-08-10 18:53:53 -07:00
Matt Moyer	7152ffd730	Merge pull request #48 from mattmoyer/extend-dependabot-config Add additional go.mod directories to dependabot.	2020-08-10 12:11:27 -05:00
Matt Moyer	6300898810	Add additional go.mod directories to dependabot. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-10 12:09:32 -05:00
Matt Moyer	7c8876a812	Merge pull request #47 from suzerain-io/dependabot/docker/golang-1.14.7-alpine Bump golang from 1.14.6-alpine to 1.14.7-alpine	2020-08-10 12:00:28 -05:00
dependabot[bot]	b3df59ca13	Bump golang from 1.14.6-alpine to 1.14.7-alpine Bumps golang from 1.14.6-alpine to 1.14.7-alpine. Signed-off-by: dependabot[bot] <support@github.com>	2020-08-10 16:46:08 +00:00
Matt Moyer	b4130af2bf	Merge pull request #46 from mattmoyer/downgrade-base-image Temporarily downgrade our Docker base image to trigger dependabot.	2020-08-10 11:45:35 -05:00
Matt Moyer	5394008d6f	Temporarily downgrade our Docker base image to trigger dependabot. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-10 11:44:47 -05:00
Matt Moyer	3583f7a09f	Merge pull request #45 from mattmoyer/add-dependabot-config Add dependabot YAML configuration.	2020-08-10 11:38:35 -05:00
Matt Moyer	df3c387f2e	Add dependabot YAML configuration. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-10 11:37:52 -05:00
Andrew Keesler	fa0533fae9	hack/module.sh: update usage with unittest command Signed-off-by: Andrew Keesler <akeesler@vmware.com>	2020-08-10 10:18:36 -04:00
Ryan Richard	86c3f89b2e	First draft of moving API server TLS cert generation to controllers - Refactors the existing cert generation code into controllers which read and write a Secret containing the certs - Does not add any new functionality yet, e.g. no new handling for cert expiration, and no leader election to allow for multiple servers running simultaneously - This commit also doesn't add new tests for the cert generation code, but it should be more unit testable now as controllers	2020-08-09 10:04:05 -07:00
Ryan Richard	b00cec954e	Pre-factor server.go - No functional changes - Move all the stuff about clients and controllers into the controller package - Add more comments and organize the code more into more helper functions to make each function smaller	2020-08-07 14:49:04 -07:00
Matt Moyer	b379d5148c	Merge pull request #42 from mattmoyer/monorepo-deux 🚝Monorepo!🚝 (redux)	2020-08-06 21:07:50 -05:00
Matt Moyer	aecd005c60	Disable ./hack/verify-codegen.sh in CI since we don't have Docker available yet. This seems fixable but not in a trivial way from what I could tell. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-06 20:52:28 -05:00
Matt Moyer	6dd331b21d	Use Go's `-short` flag as a way to avoid running integration tests. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-06 20:44:14 -05:00
Matt Moyer	c4bbb64622	Fix latent linter issues. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-06 20:42:20 -05:00
Matt Moyer	7143058462	Update hack scripts to use new docker workflow. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-06 20:09:15 -05:00
Matt Moyer	c5d5914866	Split up into multiple modules. Signed-off-by: Matt Moyer <moyerm@vmware.com>	2020-08-06 20:09:15 -05:00

1 2 3 4 5

227 Commits