-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. #7037
Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. #7037
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #7037 +/- ##
==========================================
- Coverage 61.88% 61.83% -0.06%
==========================================
Files 246 245 -1
Lines 22519 22414 -105
==========================================
- Hits 13937 13860 -77
+ Misses 7415 7393 -22
+ Partials 1167 1161 -6 ☔ View full report in Codecov by Sentry. |
/test-version-skew |
Dapr Version Skew test (dapr-sidecar-master - 1.12.0)Commit ref: af4dc0b ❌ Version Skew tests failedPlease check the logs for details on the error. |
Dapr Version Skew test (control-plane-master - 1.12.0)Commit ref: af4dc0b ❌ Version Skew tests failedPlease check the logs for details on the error. |
/test-version-skew |
Dapr Version Skew test (control-plane-master - 1.12.0)Commit ref: 083fd25 ✅ Version Skew tests passed |
Dapr Version Skew test (dapr-sidecar-master - 1.12.0)Commit ref: 083fd25 ❌ Version Skew tests failedPlease check the logs for details on the error. |
The failures seem related to some setup steps, not code changes? |
// TODO: @joshvanl: included for backwards compatibility with v1.11 daprd's | ||
// which request these environment variables to be present when running in | ||
// Kubernetes. Should be removed in v1.13. | ||
container.Env = append(container.Env, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we ok dropping support for 1.11 in 1.13? That is not the usual "N-2" compatibility we offer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
N-2
is best effort and not guaranteed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We support N-1 compatibility, N-2 support is for users running with N-2 and not mixing N-2 with N. Anyway, 1.11 is N-3 from 1.14, so we are OK to remove it either way.
d312b27
to
53e381b
Compare
ebedd4c
to
8c623ea
Compare
7905cd4
to
010214a
Compare
1397637
to
e7e16e4
Compare
2fb4e9c
to
244b483
Compare
/test-version-skew |
Signed-off-by: joshvanl <me@joshvanl.dev>
/test-version-skew |
Dapr Version Skew e2e test (control-plane-master - 1.13.0)Commit ref: 7b44354 ✅ Version Skew tests passed |
Dapr Version Skew integration test (dapr-sidecar-master - 1.13.0)Commit ref: 7b44354 ❌ Version Skew tests failedPlease check the logs for details on the error. |
Dapr Version Skew e2e test (dapr-sidecar-master - 1.13.0)Commit ref: 7b44354 ✅ Version Skew tests passed |
Dapr Version Skew integration test (control-plane-master - 1.13.0)Commit ref: 7b44354 ❌ Version Skew tests failedPlease check the logs for details on the error. |
Signed-off-by: joshvanl <me@joshvanl.dev>
/test-version-skew |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
✅ Version Skew tests passed |
✅ Version Skew tests passed |
✅ Version Skew tests passed |
✅ Version Skew tests passed |
Signed-off-by: joshvanl <me@joshvanl.dev>
…IRE TLS clients and servers. (dapr#7037) * Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. Signed-off-by: joshvanl <me@joshvanl.dev> * Fix sentry int tests, and adds test to ensure legacy ID is not longer accepted Signed-off-by: joshvanl <me@joshvanl.dev> * String match on sentry Kubernetes validator longname test Signed-off-by: joshvanl <me@joshvanl.dev> * Fix namespace of sentry in operator tests Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Update integration kubernetes process to use leaf certificate with cluster.local Signed-off-by: joshvanl <me@joshvanl.dev> * Fix setting correct control plane trust domain on daprd Signed-off-by: joshvanl <me@joshvanl.dev> * Remove SENTRY_LOCAL_IDENTITY form expected env var Signed-off-by: joshvanl <me@joshvanl.dev> * Fix control plane trust domain setting in test Signed-off-by: joshvanl <me@joshvanl.dev> * Fixes int version skew tests using legacy client/server Signed-off-by: joshvanl <me@joshvanl.dev> * Fix int version-skew patch on v1.13.0 Signed-off-by: joshvanl <me@joshvanl.dev> * Use correct namespace for sentry in injector integration tests Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
…IRE TLS clients and servers. (dapr#7037) * Removes legacy SPIFFE TLS clients and servers in favour of the new SPIRE TLS clients and servers. Signed-off-by: joshvanl <me@joshvanl.dev> * Fix sentry int tests, and adds test to ensure legacy ID is not longer accepted Signed-off-by: joshvanl <me@joshvanl.dev> * String match on sentry Kubernetes validator longname test Signed-off-by: joshvanl <me@joshvanl.dev> * Fix namespace of sentry in operator tests Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Update integration kubernetes process to use leaf certificate with cluster.local Signed-off-by: joshvanl <me@joshvanl.dev> * Fix setting correct control plane trust domain on daprd Signed-off-by: joshvanl <me@joshvanl.dev> * Remove SENTRY_LOCAL_IDENTITY form expected env var Signed-off-by: joshvanl <me@joshvanl.dev> * Fix control plane trust domain setting in test Signed-off-by: joshvanl <me@joshvanl.dev> * Fixes int version skew tests using legacy client/server Signed-off-by: joshvanl <me@joshvanl.dev> * Fix int version-skew patch on v1.13.0 Signed-off-by: joshvanl <me@joshvanl.dev> * Use correct namespace for sentry in injector integration tests Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: Yaron Schneider <schneider.yaron@live.com> Signed-off-by: Joey Freeland <joey@free.land>
E2E tests are currently failing on N-2 version skew, though it was my understanding that this was best effort and not guaranteed. Perhaps we need to be skipping this test for now.
Part of #5756