Uploaded image for project: 'Cert Manager support for Red Hat OpenShift'
  1. Cert Manager support for Red Hat OpenShift
  2. CM-607

Test "--acme-http01-solver-resource-*" flags as operator supported args

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • None
    • OAPE Sprint 274
    • 1

      Background

      There are 4 controller flags available to set the ACME solver pod's resources requests/limits: https://cert-manager.io/docs/cli/controller/

            --acme-http01-solver-resource-limits-cpu string        Defines the resource limits CPU size when spawning new ACME HTTP01 challenge solver pods. (default "100m")
            --acme-http01-solver-resource-limits-memory string     Defines the resource limits Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi")
            --acme-http01-solver-resource-request-cpu string       Defines the resource request CPU size when spawning new ACME HTTP01 challenge solver pods. (default "10m")
            --acme-http01-solver-resource-request-memory string    Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi") 

      Upstream relevant code: https://github.com/cert-manager/cert-manager/blob/63b4706a2e27696bf580e346e47db7d502308c91/cmd/controller/app/options/options.go#L115-L125

      In the downstream they are not being listed as "supportedCertManagerArgs": https://github.com/openshift/cert-manager-operator/blob/e426926ebd46ec9db42d40bd615734fe0d7a596f/pkg/controller/deployment/deployment_overrides_validation.go#L26 That means users can not set these flags unless using "spec.unsupportedConfigOverrides" of the certmanager.operator object.

      Downstream turnon PR: https://github.com/openshift/cert-manager-operator/pull/240

      Acceptance criteria

      • Validate the values set via those flags can be correctly propagated into ACME solver pods, in the downstream supported approach.
      • Document one test case into the Polarion.
      • Ensure we have e2e test code to cover this scenario.
      • Ensure existing e2es not being broken.

              rh-ee-yuewu Yuedong Wu
              rh-ee-yuewu Yuedong Wu
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: