CNTRLPLANE-3423: feat: have CVO inject the centralized TLS configuration into the operator's config#359
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
WalkthroughThe PR adds a TLS injection annotation to the operator ConfigMap and adds a file-change termination argument to both service-ca-operator Deployment manifests. ChangesService-ca operator manifest updates
🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 14 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (14 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
@ingvagabund: This pull request references CNTRLPLANE-3423 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Actionable comments posted: 0 |
|
/approve |
{
"apiVersion": "v1",
"data": {
"operator-config.yaml": "apiVersion: operator.openshift.io/v1alpha1\nkind: GenericOperatorConfig\nservingInfo:\n cipherSuites:\n - TLS_AES_128_GCM_SHA256\n - TLS_AES_256_GCM_SHA384\n - TLS_CHACHA20_POLY1305_SHA256\n - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256\n - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256\n - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384\n - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256\n minTLSVersion: VersionTLS12\n"
},
"kind": "ConfigMap",
"metadata": {
"annotations": {
"config.openshift.io/inject-tls": "true",
"include.release.openshift.io/hypershift": "true",
"include.release.openshift.io/ibm-cloud-managed": "true",
"include.release.openshift.io/self-managed-high-availability": "true",
"include.release.openshift.io/single-node-developer": "true"
},
"creationTimestamp": "2026-05-28T23:28:07Z",
"name": "service-ca-operator-config",
"namespace": "openshift-service-ca-operator",
"ownerReferences": [
{
"apiVersion": "config.openshift.io/v1",
"controller": true,
"kind": "ClusterVersion",
"name": "version",
"uid": "59dc4be5-781d-49b4-bde5-5c6abb5797fc"
}
],
"resourceVersion": "1647",
"uid": "c87b5362-b170-4931-88db-78e3dff12236"
}
},TLS injected |
…ator's config Also, have the operator restart whenever the config changes.
1a5f8e5 to
6b9cb8c
Compare
|
/retest-required |
3 similar comments
|
/retest-required |
|
/retest-required |
|
/retest-required |
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ricardomaraschini The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/verified by CI |
|
@ingvagabund: This PR has been marked as verified by DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@ingvagabund: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Also, have the operator restart whenever the config changes.
wip-docs: openshift/enhancements#2020
Summary by CodeRabbit
Summary by CodeRabbit