New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUGFIX: CertificateRequest short names must be unique. #6354
BUGFIX: CertificateRequest short names must be unique. #6354
Conversation
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
e63fc97
to
fa2d933
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've left a couple of comments; what do you think?
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
/cherrypick release-1.13 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.13 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherrypick release-1.12 |
@inteon: once the present PR merges, I will cherry-pick it on top of release-1.12 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
0f35a61
to
860df22
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couple more comments!
// We limit the GenerateName to 52 + 1 characters to stay within the 63 - 5 character limit that | ||
// is used in Kubernetes when generating names. | ||
// see https://github.com/kubernetes/apiserver/blob/696768606f546f71a1e90546613be37d1aa37f64/pkg/storage/names/generate.go |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Love this comment!
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/approve
/hold
This is an improvement and it fixes the issue as far as I can tell! I think it'd be helpful for another maintainer to take a look at this since it's essentially setting the format for all CertificateRequests going forwards. Maybe someone else will have thoughts on it. But I'd be happy to merge I think!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: SgtCoDFish The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
I am happy with the new format. Maybe bumping the name limit from a DNS label (63 chars) to a DNS subdomain (253 chars) would have solved 99% of the problems, including the original author of the issue. It seems like the hashing feature addresses a small corner case: folks with very very very large certificate names (longer than 232 chars) would still get the issue reported by the original author. But it's good that we solved this corner case anyways. Thanks for working on this! I'll hold it if you need to fix some of the non-blocking suggestions. /lgtm |
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
/unhold |
/lgtm (quick lgtm as requested given this has been reviewed) |
@inteon: new pull request created: #6358 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@inteon: new pull request created: #6359 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Fixes #6342
The new mechanism is explained here:
cert-manager/pkg/controller/certificates/requestmanager/requestmanager_controller.go
Lines 401 to 411 in 860df22
Kind
/kind bug
Release Note