Upgrading from v1.7 to v1.8 check command should exclude null. #899

Open
rbounds opened this issue Apr 6, 2022 · 3 comments · May be fixed by #1589
Labels
priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

Comments

@rbounds

rbounds commented Apr 6, 2022

blob/master/content/en/docs/installation/upgrading/upgrading-1.7-1.8.md includes instructions for checking for certs that need to be updated due to the validation of rotationPolicy.

When I actually run this I get many false positive results because the command does not exclude certs when rotationPolicy=null.

For example, all of my certificates are created via the ingress shim, which doesn't set this value.

@locomoco28

In my case, all certificates I got have the rotationPolicy set to null. Are these safe to upgrade? I thought I now had to update all of them by specifying a rotation policy.

After looking in the API reference, I noticed that the key is optional. The migration instructions made it sound like I was required to specify something.

@nathan-c

nathan-c commented May 4, 2022

I was also seeing a lot of certificates to update. The majority of my certificates were being created using annotations on Ingress objects which doesn't populate the privateKey property at all. I used the (slightly updated) command below to see only the certs that truly needed changing.

kubectl get cert -A -ojson | jq -r \
  '.items[] | select(.spec.privateKey) | select(.spec.privateKey.rotationPolicy | . != "Always" and . != "Never") | "\(.metadata.name) in namespace \(.metadata.namespace) has rotationPolicy=\(.spec.privateKey.rotationPolicy)"'
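
The same check as an added example (not part of the original comment or of the cert-manager docs), reading `kubectl get cert -A -ojson` output on stdin. It goes one step further than the command above: a `privateKey` block that is present but has no `rotationPolicy`, or has it set to null, is also treated as unset, on the assumption stated in this thread that the field is optional. The function name and the sample certificates are constructed for illustration.

```python
import json
import sys

VALID_POLICIES = ("Always", "Never")  # the two values the command above accepts


def rotation_policy_findings(cert_list):
    """Return sorted (namespace, name, value) tuples for Certificates whose
    spec.privateKey.rotationPolicy is set to something other than Always/Never.

    Assumption (from the thread): the field is optional, so a missing
    spec.privateKey, or a missing/null rotationPolicy, needs no change.
    """
    findings = []
    for item in cert_list.get("items") or []:
        meta = item.get("metadata") or {}
        private_key = (item.get("spec") or {}).get("privateKey") or {}
        policy = private_key.get("rotationPolicy")
        if policy is None or policy in VALID_POLICIES:
            continue  # unset or already valid: not a finding
        findings.append((meta.get("namespace", ""), meta.get("name", ""), policy))
    return sorted(findings)


# Constructed sample in the shape of `kubectl get cert -A -ojson` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "shim-cert", "namespace": "web"},
  "spec": {"secretName": "shim-tls"}},
 {"metadata": {"name": "size-only", "namespace": "web"},
  "spec": {"privateKey": {"algorithm": "RSA", "size": 2048}}},
 {"metadata": {"name": "explicit-null", "namespace": "web"},
  "spec": {"privateKey": {"rotationPolicy": null}}},
 {"metadata": {"name": "rotating", "namespace": "api"},
  "spec": {"privateKey": {"rotationPolicy": "Always"}}},
 {"metadata": {"name": "lowercase", "namespace": "api"},
  "spec": {"privateKey": {"rotationPolicy": "always"}}},
 {"metadata": {"name": "typo", "namespace": "batch"},
  "spec": {"privateKey": {"rotationPolicy": "Nevr"}}}
]}
""")

if __name__ == "__main__":
    # With no piped input, fall back to the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for namespace, name, policy in rotation_policy_findings(data):
        print(f"{name} in namespace {namespace} has rotationPolicy={policy!r}")
```
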

@inteon inteon linked a pull request Oct 15, 2024 that will close this issue
@inteon
Member

inteon commented Oct 15, 2024

I created #1589 to apply your proposed changes.

@inteon inteon added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Oct 15, 2024