Enable Cert Manager #8509

matzew · 2025-02-26T15:26:10Z

Fixes #

Proposed Changes

in sink controller we create the cert-mgr informer based on the fact if TLS is enabled

Pre-review Checklist

At least 80% unit test coverage
E2E tests for any new behavior
Docs PR for any user-facing impact
Spec PR for any new API feature
Conformance test for any change to the spec

Release Note

TLS / Cert Manager integration for IntegrationSink

Docs

knative-prow · 2025-02-26T15:26:19Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~OWNERS~~ [matzew]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

matzew · 2025-02-26T15:27:18Z

pkg/certificates/certificate.go

 }
+
+func deploymentName(sinkName string) string {
+	return kmeta.ChildName(sinkName, "-deployment")


I think on the "generic" certificate factory we could just pass in the name of the deployment to the MakeCert function

cmd/controller/main.go

matzew · 2025-02-26T15:27:36Z

pkg/reconciler/integration/sink/controller.go

-		eventPolicyLister: eventPolicyInformer.Lister(),
-		//cmCertificateLister: cmCertificateInformer.Lister(),
-		//certManagerClient:   cmclient.Get(ctx),
+		secretLister:        secretInformer.Lister(),


knoob needed

matzew · 2025-02-26T15:28:34Z

This needs the knob for turning on/off the "cert manager" hooks.

As discussed in #8385 (review)

pkg/reconciler/integration/sink/controller.go

matzew · 2025-03-05T09:45:22Z

With the manual created lister, I seem to get error

{"level":"error","ts":"2025-03-05T09:28:42.424Z","logger":"controller","caller":"controller/controller.go:564","msg":"Reconcile error","commit":"794d3a1-dirty","knative.dev/pod":"eventing-controller-f554cb8c9-tgwzz","knative.dev/controller":"knative.dev.eventing.pkg.reconciler.integration.sink.Reconciler","knative.dev/kind":"sinks.knative.dev.IntegrationSink","knative.dev/traceid":"9f6eac8e-fd4f-4229-ba0c-7cef645deb97","knative.dev/key":"test-gpgbdyap/integrationsink-mmxezqvd","duration":0.018033456,"error":"creating new Certificate: certificates.cert-manager.io \"integrationsink-mmxezqvd-server-tls\" already exists","stacktrace":"knative.dev/pkg/controller.(*Impl).handleErr\n\tknative.dev/[email protected]/controller/controller.go:564\nknative.dev/pkg/controller.(*Impl).processNextWorkItem\n\tknative.dev/[email protected]/controller/controller.go:541\nknative.dev/pkg/controller.(*Impl).RunContext.func3\n\tknative.dev/[email protected]/controller/controller.go:489"}

And yes, it gets once created, but I end up in the IsNotFound, where the create than fails like above

https://github.com/matzew/eventing/blob/enable_cert_mgr/pkg/reconciler/integration/sink/integrationsink.go#L175-L183

pierDipi · 2025-03-05T09:57:08Z

@matzew you need to label the certificate with that label app.kubernetes.io/component=knative-eventing https://github.com/matzew/eventing/blob/1ae012d15dde0de849b485de71382fa726ab0a47/pkg/certificates/certificate.go#L37-L41

matzew · 2025-03-05T15:05:55Z

pkg/reconciler/integration/sink/integrationsink.go

+			logging.FromContext(ctx).Errorw("Error reconciling Certificate", zap.Error(err))
+			return err
+		}
+	}


TODO: delete certificate once the feature is turned.

matzew · 2025-03-05T15:10:24Z

pkg/reconciler/integration/sink/controller.go

 		impl.EnqueueKey,
 	))

+	cmCertificateInformer.Informer().AddEventHandler(controller.HandleAll(impl.Enqueue))


Todo: better filtering.

matzew · 2025-03-06T07:35:36Z

TODO: delete certificate once the feature is turned off
-> will do in a separate PR

More unit tests for reconciler will come too

Signed-off-by: Matthias Wessendorf <[email protected]>

pierDipi · 2025-03-06T08:09:49Z

pkg/reconciler/integration/sink/controller.go

+				}()
+
+			} else {
+				cancelFunc, cancelExists := ctx.Value("cancelFunc").(context.CancelFunc)


where is this set?

ah. yeah. right

pierDipi · 2025-03-06T08:10:33Z

pkg/reconciler/integration/sink/controller.go

+					factory.Start(ctx.Done())
+
+					if !cache.WaitForCacheSync(ctx.Done(), cmCertificateInformer.Informer().HasSynced) {
+						logging.FromContext(ctx).Error("Failed to sync Cert Manager Certificate informer")
+					}


this ctx will only complete when the pod exits, so this might leak informers watchers/connections, I think we need a "sub-context" for only this factory start/stop

ok, let me take a look

diff --git a/pkg/certificates/certificate.go b/pkg/certificates/certificate.go index 67f7aa308..cb97e58be 100644 --- a/pkg/certificates/certificate.go +++ b/pkg/certificates/certificate.go @@ -17,16 +17,96 @@ limitations under the License. package certificates import ( + "context" "fmt" + "sync" + "sync/atomic" "time" cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - "knative.dev/pkg/kmeta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/cache" + "knative.dev/eventing/pkg/apis/feature" + cmclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" + cminformers "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" + cmlistersv1 "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" + "knative.dev/pkg/controller" + "knative.dev/pkg/injection" + "knative.dev/pkg/kmeta" + "knative.dev/pkg/logging" ) +type DynamicCertificatesInformer struct { + cancel atomic.Pointer[context.CancelFunc] + lister atomic.Pointer[cmlistersv1.CertificateLister] + mu sync.Mutex +} + +func NewDynamicCertificatesInformer() *DynamicCertificatesInformer { + return &DynamicCertificatesInformer{ + cancel: atomic.Pointer[context.CancelFunc]{}, + lister: atomic.Pointer[cmlistersv1.CertificateLister]{}, + mu: sync.Mutex{}, + } +} + +func (df *DynamicCertificatesInformer) Reconcile(ctx context.Context, features feature.Flags, handler cache.ResourceEventHandler) error { + df.mu.Lock() + defer df.mu.Unlock() + if !features.IsPermissiveTransportEncryption() && !features.IsStrictTransportEncryption() { + return df.stop(ctx) + } + if df.cancel.Load() != nil { + return nil + } + ctx, cancel := context.WithCancel(ctx) + + client := cmclient.NewForConfigOrDie(injection.GetConfig(ctx)) + + factory := cminformers.NewSharedInformerFactoryWithOptions( + client, + controller.DefaultResyncPeriod, + cminformers.WithTweakListOptions(func(options *metav1.ListOptions) { + options.LabelSelector = "app.kubernetes.io/component=knative-eventing" + }), + ) + informer := factory.Certmanager().V1().Certificates() + informer.Informer().AddEventHandler(handler) + + factory.Start(ctx.Done()) + if !cache.WaitForCacheSync(ctx.Done(), informer.Informer().HasSynced) { + defer cancel() + return fmt.Errorf("failed to sync cert-manager Certificate informer") + } + + lister := informer.Lister() + df.lister.Store(&lister) + df.cancel.Store(&cancel) // Cancel is always set as last field since it's used as a "guard". + + return nil +} + +func (df *DynamicCertificatesInformer) stop(ctx context.Context) error { + cancel := df.cancel.Load() + if cancel == nil { + logging.FromContext(ctx).Debugw("Certificate informer has not been started, nothing to stop") + return nil + } + + (*cancel)() + df.lister.Store(nil) + df.cancel.Store(nil) // Cancel is always set as last field since it's used as a "guard". + return nil +} + +func (df *DynamicCertificatesInformer) Lister() *atomic.Pointer[cmlistersv1.CertificateLister] { + df.mu.Lock() + defer df.mu.Unlock() + + return &df.lister +} + func CertificateName(objName string) string { return kmeta.ChildName(objName, "-server-tls") } diff --git a/pkg/reconciler/integration/sink/controller.go b/pkg/reconciler/integration/sink/controller.go index dcc181adc..3cdbab854 100644 --- a/pkg/reconciler/integration/sink/controller.go +++ b/pkg/reconciler/integration/sink/controller.go @@ -19,19 +19,18 @@ package sink import ( "context" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "go.uber.org/zap" "k8s.io/client-go/tools/cache" - certmanagerclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" - certmanagerinformers "knative.dev/eventing/pkg/client/certmanager/informers/externalversions" - "knative.dev/pkg/injection" - "knative.dev/eventing/pkg/apis/feature" - v1alpha1 "knative.dev/eventing/pkg/apis/sinks/v1alpha1" + "knative.dev/eventing/pkg/apis/sinks/v1alpha1" "knative.dev/eventing/pkg/auth" + "knative.dev/eventing/pkg/certificates" + cmclient "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" "knative.dev/eventing/pkg/client/injection/informers/eventing/v1alpha1/eventpolicy" "knative.dev/eventing/pkg/client/injection/informers/sinks/v1alpha1/integrationsink" deploymentinformer "knative.dev/pkg/client/injection/kube/informers/apps/v1/deployment" "knative.dev/pkg/client/injection/kube/informers/core/v1/service" + "knative.dev/pkg/injection" pkgreconciler "knative.dev/pkg/reconciler" integrationsinkreconciler "knative.dev/eventing/pkg/client/injection/reconciler/sinks/v1alpha1/integrationsink" @@ -52,12 +51,15 @@ func NewController( deploymentInformer := deploymentinformer.Get(ctx) serviceInformer := service.Get(ctx) + dynamicCertificateInformer := certificates.NewDynamicCertificatesInformer() r := &Reconciler{ - kubeClientSet: kubeclient.Get(ctx), - deploymentLister: deploymentInformer.Lister(), - serviceLister: serviceInformer.Lister(), - secretLister: secretInformer.Lister(), - eventPolicyLister: eventPolicyInformer.Lister(), + secretLister: secretInformer.Lister(), + eventPolicyLister: eventPolicyInformer.Lister(), + kubeClientSet: kubeclient.Get(ctx), + deploymentLister: deploymentInformer.Lister(), + serviceLister: serviceInformer.Lister(), + cmCertificateLister: *dynamicCertificateInformer.Lister(), + certManagerClient: cmclient.NewForConfigOrDie(injection.GetConfig(ctx)), } logging.FromContext(ctx).Info("Creating IntegrationSink controller") @@ -66,40 +68,15 @@ func NewController( featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"), func(name string, value interface{}) { if globalResync != nil { - globalResync(nil) - } - if features, ok := value.(feature.Flags); ok { - // we assume that Cert-Manager is installed in the cluster if the feature flag is enabled - if features.IsPermissiveTransportEncryption() || features.IsStrictTransportEncryption() { - - go func() { // Start and register informer - certManagerClient := certmanagerclient.NewForConfigOrDie(injection.GetConfig(ctx)) - factory := certmanagerinformers.NewSharedInformerFactoryWithOptions( - certManagerClient, - controller.DefaultResyncPeriod, - certmanagerinformers.WithTweakListOptions(func(options *v1.ListOptions) { - options.LabelSelector = "app.kubernetes.io/component=knative-eventing" - }), - ) - cmCertificateInformer := factory.Certmanager().V1().Certificates() - r.cmCertificateLister = cmCertificateInformer.Lister() - r.certManagerClient = certManagerClient - - cmCertificateInformer.Informer().AddEventHandler(controller.HandleAll(globalResync)) - factory.Start(ctx.Done()) - - if !cache.WaitForCacheSync(ctx.Done(), cmCertificateInformer.Informer().HasSynced) { - logging.FromContext(ctx).Error("Failed to sync Cert Manager Certificate informer") - } - }() - - } else { - cancelFunc, cancelExists := ctx.Value("cancelFunc").(context.CancelFunc) - if cancelExists { - go cancelFunc() + if features, ok := value.(feature.Flags); ok { + // we assume that Cert-Manager is installed in the cluster if the feature flag is enabled + if err := dynamicCertificateInformer.Reconcile(ctx, features, controller.HandleAll(globalResync)); err != nil { + logging.FromContext(ctx).Errorw("Failed to start certificates dynamic factory", zap.Error(err)) } } + + globalResync(nil) } }) featureStore.WatchConfigs(cmw) diff --git a/pkg/reconciler/integration/sink/integrationsink.go b/pkg/reconciler/integration/sink/integrationsink.go index 0f5a338bc..8e7f77b44 100644 --- a/pkg/reconciler/integration/sink/integrationsink.go +++ b/pkg/reconciler/integration/sink/integrationsink.go @@ -19,8 +19,10 @@ package sink import ( "context" "fmt" + "sync/atomic" "knative.dev/eventing/pkg/certificates" + certmanagerlisters "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" cmv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" @@ -47,8 +49,6 @@ import ( certmanagerclientset "knative.dev/eventing/pkg/client/certmanager/clientset/versioned" - certmanagerlisters "knative.dev/eventing/pkg/client/certmanager/listers/certmanager/v1" - "knative.dev/eventing/pkg/eventingtls" duckv1 "knative.dev/pkg/apis/duck/v1" "knative.dev/pkg/controller" @@ -74,7 +74,7 @@ type Reconciler struct { deploymentLister appsv1listers.DeploymentLister serviceLister corev1listers.ServiceLister - cmCertificateLister certmanagerlisters.CertificateLister + cmCertificateLister atomic.Pointer[certmanagerlisters.CertificateLister] certManagerClient certmanagerclientset.Interface } @@ -174,7 +174,12 @@ func (r *Reconciler) reconcileCMCertificate(ctx context.Context, sink *sinks.Int expected := certificates.MakeCertificate(sink, sink.Name) - cert, err := r.cmCertificateLister.Certificates(sink.Namespace).Get(expected.Name) + lister := r.cmCertificateLister.Load() + if lister == nil { + return nil, fmt.Errorf("no cer-manager certificate lister created yet, this should never happen") + } + + cert, err := (*lister).Certificates(sink.Namespace).Get(expected.Name) if apierrors.IsNotFound(err) { cert, err := r.certManagerClient.CertmanagerV1().Certificates(sink.Namespace).Create(ctx, expected, metav1.CreateOptions{}) if err != nil {

Something like this I guess

hitting this:

logging.FromContext(ctx).Debugw("Certificate informer has not been started, nothing to stop")

than later it is stuck here:

return nil, fmt.Errorf("no cer-manager certificate lister created yet, this should never happen")

codecov · 2025-03-06T08:13:20Z

Codecov Report

Attention: Patch coverage is 51.28205% with 38 lines in your changes missing coverage. Please review.

Project coverage is 64.19%. Comparing base (615a071) to head (06bd3bb).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/reconciler/integration/sink/controller.go	0.00%	32 Missing ⚠️
pkg/reconciler/integration/sink/integrationsink.go	0.00%	5 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8509      +/-   ##
==========================================
- Coverage   64.26%   64.19%   -0.08%     
==========================================
  Files         397      397              
  Lines       24337    24354      +17     
==========================================
- Hits        15641    15634       -7     
- Misses       7858     7880      +22     
- Partials      838      840       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

matzew · 2025-03-06T10:15:00Z

We could merge my current and work on proper fix in separate PR... as an option.

pierDipi · 2025-03-06T11:20:10Z

/lgtm

* Re-enable Cert Mgr Signed-off-by: Matthias Wessendorf <[email protected]> * Manual informer Signed-off-by: Matthias Wessendorf <[email protected]> * Update main Signed-off-by: Matthias Wessendorf <[email protected]> * update controller Signed-off-by: Matthias Wessendorf <[email protected]> * Adding label on cert Signed-off-by: Matthias Wessendorf <[email protected]> * add enqueue Signed-off-by: Matthias Wessendorf <[email protected]> * Create Cert Informer, on demand, and cancle when flag is disabled Signed-off-by: Matthias Wessendorf <[email protected]> * Update unit tests that broke during rrefactors Signed-off-by: Matthias Wessendorf <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]>

* Partial implementation of certmanager for integration sink (knative#8481) * Adding cert-mananger bits Basics for Cert-manager Signed-off-by: Matthias Wessendorf <[email protected]> * Adding create cert manifest function Signed-off-by: Matthias Wessendorf <[email protected]> * Use the make cert Signed-off-by: Matthias Wessendorf <[email protected]> * Reconcile Certificate manifest and add RBAC Signed-off-by: Matthias Wessendorf <[email protected]> * Add secret filter to controller Signed-off-by: Matthias Wessendorf <[email protected]> * Look up secrets/certs for sink Signed-off-by: Matthias Wessendorf <[email protected]> * Remove old/wrong Certificate manifest and reference Signed-off-by: Matthias Wessendorf <[email protected]> * Fix controller compile Signed-off-by: Matthias Wessendorf <[email protected]> * Formatting Signed-off-by: Matthias Wessendorf <[email protected]> * change the reconcile of cert manifest, and run it only w/ some form of TLS Signed-off-by: Matthias Wessendorf <[email protected]> * using filtered informer Signed-off-by: Matthias Wessendorf <[email protected]> * Adding Rekt test for IntegrationSink TLS support Signed-off-by: Matthias Wessendorf <[email protected]> * adding a bit of https port for deployment/service of the IntegrationSink Signed-off-by: Matthias Wessendorf <[email protected]> * Mounting secrets and setting quarkus env vars for TLS support Signed-off-by: Matthias Wessendorf <[email protected]> * Adding flags for different TLS levels resulting in diffeerent quarkus env vars Signed-off-by: Matthias Wessendorf <[email protected]> * Remove bad comment Signed-off-by: Matthias Wessendorf <[email protected]> * Adding label Signed-off-by: Matthias Wessendorf <[email protected]> * Update codegen Signed-off-by: Matthias Wessendorf <[email protected]> * Disable tmp. the cert manager feature Signed-off-by: Matthias Wessendorf <[email protected]> * Fixing header/year Signed-off-by: Matthias Wessendorf <[email protected]> * More test tweaking Signed-off-by: Matthias Wessendorf <[email protected]> * Remove unused and comment out the hooks for now Signed-off-by: Matthias Wessendorf <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]> * Run make generate-release Signed-off-by: Matthias Wessendorf <[email protected]> * Remove unused code (knative#8485) Signed-off-by: Matthias Wessendorf <[email protected]> * IntegrationSink prefactors (knative#8486) Little refactors on IntegrationSink Signed-off-by: Matthias Wessendorf <[email protected]> * Add initial iteration of eventing-integration resources (knative#8493) * Generic code for Certificates (knative#8489) Make Certifacte factory more generic Signed-off-by: Matthias Wessendorf <[email protected]> * Jsonata Event transform e2e tests (knative#8499) * E2E tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * EventTransform Jsonata e2e tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * Use eventing-integrations images and fix tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * Verify response status code received by source Signed-off-by: Pierangelo Di Pilato <[email protected]> * Update JSONata transformations Signed-off-by: Pierangelo Di Pilato <[email protected]> --------- Signed-off-by: Pierangelo Di Pilato <[email protected]> * Inject integration images from ConfigMap (knative#8500) Signed-off-by: Pierangelo Di Pilato <[email protected]> * Run make generate-release Signed-off-by: Matthias Wessendorf <[email protected]> * Update to the correct file (knative#8507) Signed-off-by: Matthias Wessendorf <[email protected]> * EventTransform: Inject tracing configurations (knative#8479) Signed-off-by: Pierangelo Di Pilato <[email protected]> * EventTransform: add reconciler unit tests (knative#8513) * EventTransform: add reconciler unit tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * Update pkg/reconciler/testing/v1alpha1/eventtransform.go Co-authored-by: Marek Schmidt <[email protected]> --------- Signed-off-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: Marek Schmidt <[email protected]> * Enable Cert Manager (knative#8509) * Re-enable Cert Mgr Signed-off-by: Matthias Wessendorf <[email protected]> * Manual informer Signed-off-by: Matthias Wessendorf <[email protected]> * Update main Signed-off-by: Matthias Wessendorf <[email protected]> * update controller Signed-off-by: Matthias Wessendorf <[email protected]> * Adding label on cert Signed-off-by: Matthias Wessendorf <[email protected]> * add enqueue Signed-off-by: Matthias Wessendorf <[email protected]> * Create Cert Informer, on demand, and cancle when flag is disabled Signed-off-by: Matthias Wessendorf <[email protected]> * Update unit tests that broke during rrefactors Signed-off-by: Matthias Wessendorf <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]> * Event Transform JSONata TLS (knative#8515) * Event Transform JSONata TLS Signed-off-by: Pierangelo Di Pilato <[email protected]> * HA and security context Signed-off-by: Pierangelo Di Pilato <[email protected]> * Reconcile Certificate Signed-off-by: Pierangelo Di Pilato <[email protected]> * Additional unit tests cases Signed-off-by: Pierangelo Di Pilato <[email protected]> * Fix tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * EventTransform trust bundle propagation and tests Signed-off-by: Pierangelo Di Pilato <[email protected]> * Fix tests and address comments Signed-off-by: Pierangelo Di Pilato <[email protected]> --------- Signed-off-by: Pierangelo Di Pilato <[email protected]> * Run make generate-release Signed-off-by: Matthias Wessendorf <[email protected]> * Add dynamic cert-manager certificates informer (knative#8517) * Add dynamic informer, part I Signed-off-by: Matthias Wessendorf <[email protected]> * Add Dynamic certificates informer for EventTransform Signed-off-by: Pierangelo Di Pilato <[email protected]> * Add Dynamic certificates Informer to IntegrationSink Signed-off-by: Pierangelo Di Pilato <[email protected]> * Fix error message Signed-off-by: Pierangelo Di Pilato <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]> Signed-off-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: Pierangelo Di Pilato <[email protected]> * Improve CM Cert reconcile and deletion if feature is turned off (knative#8519) refactor CM Cert reconciler and take care of delete if feature is disabled Signed-off-by: Matthias Wessendorf <[email protected]> * Remove transformations and integrations ConfigMaps (#1201) We don't use the ConfigMaps to inject the values, the operator will replace the value to the images directly. Signed-off-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: Pierangelo Di Pilato <[email protected]> * Run make generate-release Signed-off-by: Matthias Wessendorf <[email protected]> * Add configmaps/finalizers permissions Signed-off-by: Pierangelo Di Pilato <[email protected]> * Add update finalizers permissions for EventTransform reconciled resources Signed-off-by: Pierangelo Di Pilato <[email protected]> * Volume mounts use direct Signed-off-by: Matthias Wessendorf <[email protected]> * Fix EventTransform with TLS Sink test Signed-off-by: Matthias Wessendorf <[email protected]> --------- Signed-off-by: Matthias Wessendorf <[email protected]> Signed-off-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: David Simansky <[email protected]> Co-authored-by: Pierangelo Di Pilato <[email protected]> Co-authored-by: Marek Schmidt <[email protected]>

knative-prow bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Feb 26, 2025

knative-prow bot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Feb 26, 2025

knative-prow bot requested review from Cali0707 and evankanderson February 26, 2025 15:26

knative-prow bot added the area/test-and-release Test infrastructure, tests or release label Feb 26, 2025

matzew commented Feb 26, 2025

View reviewed changes

cmd/controller/main.go Outdated Show resolved Hide resolved

matzew commented Feb 26, 2025

View reviewed changes

matzew mentioned this pull request Feb 26, 2025

Bump cert manager and use their clientset #8484

Closed

5 tasks

matzew force-pushed the enable_cert_mgr branch from bf74a04 to ace33a7 Compare March 4, 2025 16:44

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

pierDipi reviewed Mar 4, 2025

View reviewed changes

pkg/reconciler/integration/sink/controller.go Outdated Show resolved Hide resolved

matzew commented Mar 5, 2025

View reviewed changes

matzew changed the title ~~WIP: Re-enable Cert Mgr~~ Enable Cert Manager Mar 6, 2025

knative-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 6, 2025

matzew added 6 commits March 6, 2025 09:06

Re-enable Cert Mgr

1d39e17

Signed-off-by: Matthias Wessendorf <[email protected]>

Manual informer

5e0a7e7

Signed-off-by: Matthias Wessendorf <[email protected]>

Update main

052f0a6

Signed-off-by: Matthias Wessendorf <[email protected]>

update controller

846e9eb

Signed-off-by: Matthias Wessendorf <[email protected]>

Adding label on cert

3c7d3e9

Signed-off-by: Matthias Wessendorf <[email protected]>

add enqueue

5c94bcc

Signed-off-by: Matthias Wessendorf <[email protected]>

matzew added 2 commits March 6, 2025 09:06

Create Cert Informer, on demand, and cancle when flag is disabled

6aedb06

Signed-off-by: Matthias Wessendorf <[email protected]>

Update unit tests that broke during rrefactors

06bd3bb

Signed-off-by: Matthias Wessendorf <[email protected]>

matzew force-pushed the enable_cert_mgr branch from f74f08b to 06bd3bb Compare March 6, 2025 08:06

pierDipi reviewed Mar 6, 2025

View reviewed changes

knative-prow bot assigned pierDipi Mar 6, 2025

knative-prow bot added the lgtm Indicates that a PR is ready to be merged. label Mar 6, 2025

knative-prow bot merged commit eb3dd80 into knative:main Mar 6, 2025
34 of 36 checks passed

Uh oh!

Enable Cert Manager #8509

Enable Cert Manager #8509

Uh oh!

Conversation

matzew commented Feb 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Proposed Changes

Pre-review Checklist

Uh oh!

knative-prow bot commented Feb 26, 2025

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

matzew commented Feb 26, 2025

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

matzew commented Mar 5, 2025

Uh oh!

pierDipi commented Mar 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

matzew commented Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

pierDipi Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

pierDipi Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

codecov bot commented Mar 6, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

matzew commented Mar 6, 2025

Uh oh!

pierDipi commented Mar 6, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

matzew commented Feb 26, 2025 •

edited

Loading

pierDipi commented Mar 5, 2025 •

edited

Loading

matzew commented Mar 6, 2025 •

edited

Loading

pierDipi Mar 6, 2025 •

edited

Loading

pierDipi Mar 6, 2025 •

edited

Loading

codecov bot commented Mar 6, 2025 •

edited

Loading