explicitly specify port protocol field to allow server side apply #4050

longkai · 2021-05-22T08:53:26Z

What this PR does / why we need it:

Actually it's a k8s bug.

In order to allow server side apply in most running clusters currently, we have to explicitly specify port protocol field in yaml manifest.

Which issue this PR fixes: fixes #4020

Special notes for your reviewer:

This is the result after specifying the protocol field in the manifest:

$ k apply --server-side -f cert-manager.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io serverside-applied
namespace/cert-manager serverside-applied
serviceaccount/cert-manager-cainjector serverside-applied
serviceaccount/cert-manager serverside-applied
serviceaccount/cert-manager-webhook serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-view serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-edit serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io serverside-applied
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews serverside-applied
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection serverside-applied
role.rbac.authorization.k8s.io/cert-manager:leaderelection serverside-applied
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving serverside-applied
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection serverside-applied
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection serverside-applied
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving serverside-applied
service/cert-manager serverside-applied
service/cert-manager-webhook serverside-applied
deployment.apps/cert-manager-cainjector serverside-applied
deployment.apps/cert-manager serverside-applied
deployment.apps/cert-manager-webhook serverside-applied
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook serverside-applied
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook serverside-applied

NONE

jetstack-bot · 2021-05-22T08:53:42Z

Hi @longkai. Thanks for your PR.

I'm waiting for a jetstack or cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Actually it's a [k8s bug](kubernetes/kubernetes@dab5112). In order to allow server side apply in most running clusters currently, we have to explicitly specify port `protocol` field in yaml manifest. Signed-off-by: longkai <im.longkai@gmail.com>

longkai · 2021-05-22T09:03:32Z

/assign @munnerz

longkai · 2021-06-28T04:31:48Z

@munnerz hello, is there any updates?

jakexks · 2021-08-04T09:59:09Z

/ok-to-test
/kind bug
/approve
/lgtm

jetstack-bot · 2021-08-04T09:59:26Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jakexks, longkai

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

~~deploy/charts/cert-manager/OWNERS~~ [jakexks]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

longkai force-pushed the fix-ssa branch from 6f976d4 to 1e95a8e Compare May 22, 2021 08:57

jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels May 22, 2021

jetstack-bot assigned munnerz May 22, 2021

jetstack-bot assigned jakexks Aug 4, 2021

jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 4, 2021

jetstack-bot merged commit 34cb511 into cert-manager:master Aug 4, 2021

jetstack-bot added this to the v1.5 milestone Aug 4, 2021

maelvls mentioned this pull request Mar 6, 2022

Retry on conflict for the end-to-end test "CA Injector for api services should update data when the certificate changes" #4925

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

explicitly specify port protocol field to allow server side apply #4050

explicitly specify port protocol field to allow server side apply #4050

longkai commented May 22, 2021 •

edited

jetstack-bot commented May 22, 2021

longkai commented May 22, 2021

longkai commented Jun 28, 2021

jakexks commented Aug 4, 2021

jetstack-bot commented Aug 4, 2021

explicitly specify port protocol field to allow server side apply #4050

explicitly specify port protocol field to allow server side apply #4050

Conversation

longkai commented May 22, 2021 • edited

jetstack-bot commented May 22, 2021

longkai commented May 22, 2021

longkai commented Jun 28, 2021

jakexks commented Aug 4, 2021

jetstack-bot commented Aug 4, 2021

longkai commented May 22, 2021 •

edited