Page MenuHomePhabricator
Create Task
Maniphest T286857

Update maintain-kubeusers to certificates/v1 api
Closed, ResolvedPublic
Actions

Description

Maintain-kubeusers is using certificates/v1beta1, it needs to be updated to certificates/v1 before updating to Kubernetes 1.22. As of T280300 the Python API bindings we were using unfortunately did not support that API yet.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Use stable certificates APIlabs/tools/maintain-kubeusersmaster+2 K -1 K
Customize query in gerrit

Related Objects
Search...

Event Timeline

taavi created this task.Jul 18 2021, 7:32 AM
nskaggs triaged this task as Low priority.Aug 10 2021, 4:25 PM
nskaggs raised the priority of this task from Low to Medium.
Bstorm subscribed.Aug 20 2021, 10:08 PM

certificates/v1 comes with some interesting problems. For one, you need to include the singerName field or it yells at you. Usually, that's just signerName: kubernetes.io/kube-apiserver-client affect. However, I'm not getting a certificate out the other side when I do that in toolsbeta. I don't know if that's because toolsbeta is broken or something else.

Bstorm added a subtask: T289390: Certificate generation is broken in toolsbeta.Aug 21 2021, 12:08 AM
Bstorm closed subtask T289390: Certificate generation is broken in toolsbeta as Resolved.Aug 21 2021, 12:22 AM
Bstorm mentioned this in T286856: Upgrade Toolforge Kubernetes to latest 1.22.Sep 30 2021, 7:05 PM
taavi claimed this task.Nov 8 2021, 3:50 PM

Turns out there is a new kubernetes-client/python release that at least appears to support the stable certificates v1 API.

gerritbot added a comment.Nov 8 2021, 4:03 PM

Change 737419 had a related patch set uploaded (by Majavah; author: Majavah):

[labs/tools/maintain-kubeusers@master] Use stable certificates API

https://gerrit.wikimedia.org/r/737419

gerritbot added a project: Patch-For-Review.Nov 8 2021, 4:03 PM
gerritbot added a comment.Nov 16 2021, 10:22 AM

Change 737419 merged by jenkins-bot:

[labs/tools/maintain-kubeusers@master] Use stable certificates API

https://gerrit.wikimedia.org/r/737419

Stashbot added a comment.Nov 16 2021, 10:28 AM

Mentioned in SAL (#wikimedia-cloud) [2021-11-16T10:28:29Z] <majavah> deploying maintain-kubeusers changes T286857

taavi closed this task as Resolved.Nov 16 2021, 10:32 AM
taavi mentioned this in rLTMK4ca41dcc19f0: Use stable certificates API.Nov 16 2021, 11:07 AM
Maintenance_bot removed a project: Patch-For-Review.Nov 16 2021, 11:10 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits