bugfix: update secret function adapt ssa feature gate #8154
Conversation
cert-manager-prow
bot
added
kind/bug
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
cert-manager-prow
bot
added
the
needs-ok-to-test
|
Hi @xumeng1231. Thanks for your PR. I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
cert-manager-prow
bot
added
the
size/M
xumeng1231
force-pushed
the
bugfix/secret-ssa
branch
from
a7f9fe0 to
4ff359e
Compare
cert-manager-prow
bot
added
dco-signoff: yes
|
@xumeng1231, cert-manager 1.16 is unsupported. See https://cert-manager.io/docs/releases/#currently-supported-releases. |
|
However, the problem still exists in the master branch. |
Yes, you are correct. /ok-to-test |
cert-manager-prow
bot
added
ok-to-test
and removed
needs-ok-to-test
|
/retest |
|
@xumeng1231 As mentioned by @erikgb, we no longer support cert-manager 1.16, we also do not support kubernetes 1.22. If I recall correctly, we depend on ServerSideApply for this part of the code to work correctly (merge existing secrets with our changes etc.). I agree that it is misleading that not all our ServerSideApply patches are gated by the ServerSideApply feature gate. |
xumeng1231
force-pushed
the
bugfix/secret-ssa
branch
from
4ff359e to
04ba76c
Compare
cert-manager-prow
bot
added
area/testing
Signed-off-by: xumeng1231 <xumeng1231@github.com>
xumeng1231
force-pushed
the
bugfix/secret-ssa
branch
from
04ba76c to
d0b9e0c
Compare
Yes, after I supplemented it with the ServerSideApply feature gate, cert-manager was able to run normally on my 1.22 cluster (although it does not support Kubernetes 1.22). However, you must admit that there are issues with the code. |
|
/retest |
|
@xumeng1231: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
Sorry @xumeng1231, we won't accept this change. Our long term goal is to move to SSA 100%. We don't have capacity right now to review changes to support k8s 1.22. |
|
@xumeng1231 Hey, thanks for working on this! As Tim mentioned, cert-manager no longer supports Kubernetes 1.22, and we would like to avoid going down this path. I'd love to hear more about the reasons that led you to stay on Kubernetes 1.22. Feel free to join one of our open standups or biweekly meetings: https://cert-manager.io/docs/contributing/#daily-check-in. |
4 participants
Pull Request Motivation
When I deployed the cert-manager 1.16 version to the k8s 1.22 cluster, I encountered an error: "re-queuing item due to error processing" err="failed to apply secret tcs-system/tcs-admission-webhook-tls: 415: Unsupported Media Type" logger="cert-manager.controller". I checked the code and found that in the module where the controller updates the secret, there was no control using the ssa feature gate. Because I noticed that the default value of ServerSideApply was false. After I redeployed using the modified code to the cluster, it worked normally.
Kind
/kind bug
Release Note