wait for client cert to become ready before getting etcd client (#269)
The test of etcd cluster with TLS and auth config fails frequently,
because the client certificate does not get created, before the etcd
cluster is up and running. This PR adds a step to wait for the client
cert to become ready, before executing the rest of the tests.

<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **New Features**
- Reduced RSA private key sizes for various certificates to enhance
security.
- Added a new end-to-end test case to ensure readiness of TLS client
certificates before proceeding with cluster operations.

- **Bug Fixes**
- Improved test reliability by ensuring TLS certificates are ready
before stateful set readiness checks.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
lllamnyp authored Oct 15, 2024
1 parent e00e6cb commit f0ec0a9
Showing 2 changed files with 17 additions and 6 deletions.
12 changes: 6 additions & 6 deletions examples/manifests/etcdcluster-with-external-certificates.yaml
Expand Up @@ -44,7 +44,7 @@ spec:
secretName: ca-peer-secret
privateKey:
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: selfsigned-issuer
kind: Issuer
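Review bot: The `size: 4096` to `size: 2048` change on the certificate stored in `ca-peer-secret` (issued by `selfsigned-issuer`, so by its naming a CA) shrinks the key of a trust anchor, and the commit message, which is about waiting for the client certificate, gives no reason for it. A smaller RSA modulus lowers the security margin rather than raising it, so the release-note line claiming the reduction enhances security should be corrected. If the goal is faster key generation in the e2e run, say so in the commit message or in a manifest comment, and consider keeping 4096 for the CA entries, since this is an examples file that users are likely to copy. The same point applies to the `ca-server-secret` and `ca-client-secret` hunks.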
Expand All @@ -70,7 +70,7 @@ spec:
secretName: ca-server-secret
privateKey:
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: selfsigned-issuer
kind: Issuer
Expand All @@ -96,7 +96,7 @@ spec:
secretName: ca-client-secret
privateKey:
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: selfsigned-issuer
kind: Issuer
Expand Down Expand Up @@ -162,7 +162,7 @@ spec:
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: ca-issuer-server
---
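Review bot: At `size: 2048` under `rotationPolicy: Always` (issuer `ca-issuer-server`) the smaller key is easier to defend than on the CA entries, because the private key is regenerated on every issuance, but that reasoning is not written down anywhere in the change. Add a short comment in the manifest stating why 2048 is chosen, or move the key-size change into its own commit so it is not carried along unnoticed with a test-flakiness fix.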
Expand Down Expand Up @@ -197,7 +197,7 @@ spec:
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: ca-issuer-peer
---
Expand All @@ -216,7 +216,7 @@ spec:
privateKey:
rotationPolicy: Always
algorithm: RSA
size: 4096
size: 2048
issuerRef:
name: ca-issuer-client
kind: Issuer
11 changes: 11 additions & 0 deletions test/e2e/e2e_test.go
Expand Up @@ -222,6 +222,17 @@ allowVolumeExpansion: true
ExpectWithOffset(1, err).NotTo(HaveOccurred())
})

Eventually(func() error {
cmd := exec.Command("kubectl", "wait",
"certificate/client-certificate",
"--for", "condition=Ready",
"--namespace", namespace,
"--timeout", "5m",
)
_, err = utils.Run(cmd)
return err
}, time.Second*20, time.Second*2).Should(Succeed(), "wait for client cert ready")

Eventually(func() error {
cmd := exec.Command("kubectl", "wait",
"statefulset/test",
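Review bot: The two timeouts in the new `Eventually` block disagree: `"--timeout", "5m"` lets a single `kubectl wait` call block for five minutes, while the outer `time.Second*20` only bounds how long retries continue. `kubectl wait` returns an error immediately when `certificate/client-certificate` does not exist yet, so if the object takes longer than 20 seconds to be created the test still fails, and once the object exists the 20 second limit is not the one that actually applies. Put the deadline in one place, for example a short `--timeout` with an outer budget of several minutes. Also, `_, err = utils.Run(cmd)` assigns to an `err` declared outside the closure; `_, err := utils.Run(cmd)` would keep it local to the polled function.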