NO-ISSUE: Add DNS' core-rbac-proxy args and template TLS Cipher Suites & Min Version#6368
Open
pmtk wants to merge 3 commits intoopenshift:mainfrom
Open
NO-ISSUE: Add DNS' core-rbac-proxy args and template TLS Cipher Suites & Min Version#6368pmtk wants to merge 3 commits intoopenshift:mainfrom
pmtk wants to merge 3 commits intoopenshift:mainfrom
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@pmtk: This pull request explicitly references no jira issue. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughThis PR bumps nightly OpenShift release versions and many image SHA256 digests to 2026-03-17, adds TLSCipherSuites and TLSMinVersion to render parameters, centralizes kube-rbac-proxy TLS args in the DNS daemonset templating, and fixes hosts-related Helm templating for DNS. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes ✨ Finishing Touches🧪 Generate unit tests (beta)
📝 Coding Plan
Comment |
openshift-ci
bot
added
the
approved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@scripts/auto-rebase/rebase.sh`:
- Line 766: The arg entry in the yq invocation currently embeds quotes around
the TLS cipher placeholder; update the args array in the yq command that sets
containers[1].args (the line containing '--tls-cipher-suites=\"{{
.TLSCipherSuites }}\"') to use an unquoted placeholder '--tls-cipher-suites={{
.TLSCipherSuites }}' instead, and make the same change in the checked-in
manifest assets/components/openshift-dns/dns/daemonset.yaml (the daemonset args
line around the TLS cipher setting) so kube-rbac-proxy does not receive literal
quote characters.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 1434d150-12c0-499e-99e5-81f7e6fb4fac
⛔ Files ignored due to path filters (5)
etcd/go.sumis excluded by!**/*.sumetcd/vendor/github.com/openshift/api/config/v1/types_apiserver.gois excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlis excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**etcd/vendor/modules.txtis excluded by!**/vendor/**
📒 Files selected for processing (21)
Makefile.version.aarch64.varMakefile.version.x86_64.varassets/components/multus/kustomization.aarch64.yamlassets/components/multus/kustomization.x86_64.yamlassets/components/multus/release-multus-aarch64.jsonassets/components/multus/release-multus-x86_64.jsonassets/components/openshift-dns/dns/daemonset.yamlassets/optional/operator-lifecycle-manager/kustomization.aarch64.yamlassets/optional/operator-lifecycle-manager/kustomization.x86_64.yamlassets/optional/operator-lifecycle-manager/release-olm-aarch64.jsonassets/optional/operator-lifecycle-manager/release-olm-x86_64.jsonassets/release/release-aarch64.jsonassets/release/release-x86_64.jsonetcd/go.modpackaging/crio.conf.d/10-microshift_amd64.confpackaging/crio.conf.d/10-microshift_arm64.confpkg/components/render.goscripts/auto-rebase/changelog.txtscripts/auto-rebase/commits.txtscripts/auto-rebase/last_rebase.shscripts/auto-rebase/rebase.sh
pmtk
force-pushed
the
dns-pod-kube-rbac-proxy-fix-args
branch
from
fbcf67c to
5f80861
Compare
pmtk
changed the title
There was a problem hiding this comment.
♻️ Duplicate comments (1)
scripts/auto-rebase/rebase.sh (1)
766-766:⚠️ Potential issue | 🔴 CriticalRemove embedded quotes from templated TLS flag values.
At Line 766,
--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"and--tls-min-version=\"{{ .TLSMinVersion }}\"pass literal"characters in argv; kube-rbac-proxy may treat these as invalid flag values.Proposed fix
-yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"", "--tls-min-version=\"{{ .TLSMinVersion }}\"", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml +yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites={{ .TLSCipherSuites }}", "--tls-min-version={{ .TLSMinVersion }}", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml- - --tls-cipher-suites="{{ .TLSCipherSuites }}" - - --tls-min-version="{{ .TLSMinVersion }}" + - --tls-cipher-suites={{ .TLSCipherSuites }} + - --tls-min-version={{ .TLSMinVersion }}As per coding guidelines, "-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
#!/bin/bash set -euo pipefail python3 - <<'PY' from pathlib import Path checks = { "scripts/auto-rebase/rebase.sh": [ '--tls-cipher-suites=\\"{{ .TLSCipherSuites }}\\"', '--tls-min-version=\\"{{ .TLSMinVersion }}\\"', ], "assets/components/openshift-dns/dns/daemonset.yaml": [ '--tls-cipher-suites="{{ .TLSCipherSuites }}"', '--tls-min-version="{{ .TLSMinVersion }}"', ], } bad = False for path, needles in checks.items(): text = Path(path).read_text() for needle in needles: if needle in text: print(f"BAD {path}: found quoted TLS placeholder: {needle}") bad = True else: print(f"OK {path}: not found {needle}") if bad: raise SystemExit(1) PY🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/auto-rebase/rebase.sh` at line 766, The yq command is inserting literal quote characters into the kube-rbac-proxy argv for the container; update the args array assignment in the yq invocation so the TLS placeholders are not wrapped in embedded quotes—replace "--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"" and "--tls-min-version=\"{{ .TLSMinVersion }}\"" with unquoted flag values like "--tls-cipher-suites={{ .TLSCipherSuites }}" and "--tls-min-version={{ .TLSMinVersion }}" (leave the rest of the args and the containers[1].args assignment intact).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@scripts/auto-rebase/rebase.sh`:
- Line 766: The yq command is inserting literal quote characters into the
kube-rbac-proxy argv for the container; update the args array assignment in the
yq invocation so the TLS placeholders are not wrapped in embedded quotes—replace
"--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"" and "--tls-min-version=\"{{
.TLSMinVersion }}\"" with unquoted flag values like "--tls-cipher-suites={{
.TLSCipherSuites }}" and "--tls-min-version={{ .TLSMinVersion }}" (leave the
rest of the args and the containers[1].args assignment intact).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: c3cb03e1-0cb9-4cbf-8b7a-970769dd21d5
⛔ Files ignored due to path filters (5)
etcd/go.sumis excluded by!**/*.sumetcd/vendor/github.com/openshift/api/config/v1/types_apiserver.gois excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlis excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**etcd/vendor/modules.txtis excluded by!**/vendor/**
📒 Files selected for processing (21)
Makefile.version.aarch64.varMakefile.version.x86_64.varassets/components/multus/kustomization.aarch64.yamlassets/components/multus/kustomization.x86_64.yamlassets/components/multus/release-multus-aarch64.jsonassets/components/multus/release-multus-x86_64.jsonassets/components/openshift-dns/dns/daemonset.yamlassets/optional/operator-lifecycle-manager/kustomization.aarch64.yamlassets/optional/operator-lifecycle-manager/kustomization.x86_64.yamlassets/optional/operator-lifecycle-manager/release-olm-aarch64.jsonassets/optional/operator-lifecycle-manager/release-olm-x86_64.jsonassets/release/release-aarch64.jsonassets/release/release-x86_64.jsonetcd/go.modpackaging/crio.conf.d/10-microshift_amd64.confpackaging/crio.conf.d/10-microshift_arm64.confpkg/components/render.goscripts/auto-rebase/changelog.txtscripts/auto-rebase/commits.txtscripts/auto-rebase/last_rebase.shscripts/auto-rebase/rebase.sh
🚧 Files skipped from review as they are similar to previous changes (11)
- assets/components/multus/release-multus-x86_64.json
- Makefile.version.aarch64.var
- packaging/crio.conf.d/10-microshift_amd64.conf
- assets/release/release-aarch64.json
- assets/components/multus/kustomization.x86_64.yaml
- assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml
- packaging/crio.conf.d/10-microshift_arm64.conf
- assets/optional/operator-lifecycle-manager/release-olm-aarch64.json
- assets/components/multus/kustomization.aarch64.yaml
- pkg/components/render.go
- assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml
pmtk
force-pushed
the
dns-pod-kube-rbac-proxy-fix-args
branch
from
5f80861 to
51bd19c
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (1)
scripts/auto-rebase/rebase.sh (1)
766-766:⚠️ Potential issue | 🔴 CriticalRemove embedded quotes from TLS flag values (still unresolved).
On Line 766, the templated values are wrapped in quotes inside the arg strings. These quotes are passed literally to
kube-rbac-proxy, which can break TLS flag parsing (tls-cipher-suites/tls-min-version). This also propagates toassets/components/openshift-dns/dns/daemonset.yaml(Line 86-87).Proposed fix
diff --git a/scripts/auto-rebase/rebase.sh b/scripts/auto-rebase/rebase.sh @@ - yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"", "--tls-min-version=\"{{ .TLSMinVersion }}\"", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml + yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites={{ .TLSCipherSuites }}", "--tls-min-version={{ .TLSMinVersion }}", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml @@ - - --tls-cipher-suites="{{ .TLSCipherSuites }}" - - --tls-min-version="{{ .TLSMinVersion }}" + - --tls-cipher-suites={{ .TLSCipherSuites }} + - --tls-min-version={{ .TLSMinVersion }}#!/bin/bash set -euo pipefail python3 - <<'PY' from pathlib import Path checks = { "scripts/auto-rebase/rebase.sh": [ '--tls-cipher-suites=\\"{{ .TLSCipherSuites }}\\"', '--tls-min-version=\\"{{ .TLSMinVersion }}\\"', ], "assets/components/openshift-dns/dns/daemonset.yaml": [ '--tls-cipher-suites="{{ .TLSCipherSuites }}"', '--tls-min-version="{{ .TLSMinVersion }}"', ], } bad = [] for path, needles in checks.items(): text = Path(path).read_text() for needle in needles: if needle in text: bad.append((path, needle)) print(f"BAD {path}: found {needle}") else: print(f"OK {path}: {needle} not found") if bad: raise SystemExit(1) PY🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/auto-rebase/rebase.sh` at line 766, The yq command that sets .spec.template.spec.containers[1].args includes embedded quoted templated values for --tls-cipher-suites and --tls-min-version (the --tls-cipher-suites=\"{{ .TLSCipherSuites }}\" and --tls-min-version=\"{{ .TLSMinVersion }}\" strings); remove the inner quotes so the args become --tls-cipher-suites={{ .TLSCipherSuites }} and --tls-min-version={{ .TLSMinVersion }} in the yq invocation (the same change must be applied where these flags end up in the daemonset.yaml) to avoid passing literal quotes to kube-rbac-proxy.
🧹 Nitpick comments (1)
assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml (1)
19-24: Consider reducing digest duplication in patch env values.These values repeat digests already defined in
images; using a single source during generation would reduce future drift risk.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml` around lines 19 - 24, The patch is duplicating image digests in the env value for OLM_IMAGE instead of referencing the canonical entry in the images section; update the kustomization so the OLM_IMAGE env var is generated from (or references) the single source of truth used in the images list (remove the hard-coded digest under path /spec/template/spec/containers/0/env/- and set OLM_IMAGE to use the image name/entry from images), ensuring the env variable points to that image entry rather than repeating the sha256 string.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@scripts/auto-rebase/rebase.sh`:
- Line 766: The yq command that sets .spec.template.spec.containers[1].args
includes embedded quoted templated values for --tls-cipher-suites and
--tls-min-version (the --tls-cipher-suites=\"{{ .TLSCipherSuites }}\" and
--tls-min-version=\"{{ .TLSMinVersion }}\" strings); remove the inner quotes so
the args become --tls-cipher-suites={{ .TLSCipherSuites }} and
--tls-min-version={{ .TLSMinVersion }} in the yq invocation (the same change
must be applied where these flags end up in the daemonset.yaml) to avoid passing
literal quotes to kube-rbac-proxy.
---
Nitpick comments:
In `@assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml`:
- Around line 19-24: The patch is duplicating image digests in the env value for
OLM_IMAGE instead of referencing the canonical entry in the images section;
update the kustomization so the OLM_IMAGE env var is generated from (or
references) the single source of truth used in the images list (remove the
hard-coded digest under path /spec/template/spec/containers/0/env/- and set
OLM_IMAGE to use the image name/entry from images), ensuring the env variable
points to that image entry rather than repeating the sha256 string.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 9d00cb19-210f-4bbc-9444-e8a4de66f69e
⛔ Files ignored due to path filters (5)
etcd/go.sumis excluded by!**/*.sumetcd/vendor/github.com/openshift/api/config/v1/types_apiserver.gois excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlis excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**etcd/vendor/modules.txtis excluded by!**/vendor/**
📒 Files selected for processing (22)
Makefile.version.aarch64.varMakefile.version.x86_64.varassets/components/multus/kustomization.aarch64.yamlassets/components/multus/kustomization.x86_64.yamlassets/components/multus/release-multus-aarch64.jsonassets/components/multus/release-multus-x86_64.jsonassets/components/openshift-dns/dns/daemonset.yamlassets/optional/operator-lifecycle-manager/kustomization.aarch64.yamlassets/optional/operator-lifecycle-manager/kustomization.x86_64.yamlassets/optional/operator-lifecycle-manager/release-olm-aarch64.jsonassets/optional/operator-lifecycle-manager/release-olm-x86_64.jsonassets/release/release-aarch64.jsonassets/release/release-x86_64.jsonetcd/go.modpackaging/crio.conf.d/10-microshift_amd64.confpackaging/crio.conf.d/10-microshift_arm64.confpkg/components/render.goscripts/auto-rebase/changelog.txtscripts/auto-rebase/commits.txtscripts/auto-rebase/last_rebase.shscripts/auto-rebase/manifests_patches/020-dns-daemonset.patchscripts/auto-rebase/rebase.sh
🚧 Files skipped from review as they are similar to previous changes (11)
- assets/components/multus/kustomization.x86_64.yaml
- Makefile.version.aarch64.var
- pkg/components/render.go
- assets/components/multus/release-multus-aarch64.json
- assets/optional/operator-lifecycle-manager/release-olm-aarch64.json
- assets/optional/operator-lifecycle-manager/kustomization.aarch64.yaml
- assets/release/release-aarch64.json
- assets/components/multus/kustomization.aarch64.yaml
- Makefile.version.x86_64.var
- packaging/crio.conf.d/10-microshift_arm64.conf
- packaging/crio.conf.d/10-microshift_amd64.conf
pmtk
force-pushed
the
dns-pod-kube-rbac-proxy-fix-args
branch
from
51bd19c to
bfcedff
Compare
There was a problem hiding this comment.
♻️ Duplicate comments (1)
scripts/auto-rebase/rebase.sh (1)
766-766:⚠️ Potential issue | 🟠 MajorDrop embedded quotes in TLS placeholder args.
kube-rbac-proxygets args verbatim; these escaped quotes produce literal"around templated TLS values, which can break flag parsing or enforce unintended TLS settings.Proposed fix
- yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"", "--tls-min-version=\"{{ .TLSMinVersion }}\"", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yaml + yq -i '.spec.template.spec.containers[1].args = ["--logtostderr", "--secure-listen-address=:9154", "--tls-cipher-suites={{ .TLSCipherSuites }}", "--tls-min-version={{ .TLSMinVersion }}", "--upstream=http://127.0.0.1:9153/", "--tls-cert-file=/etc/tls/private/tls.crt", "--tls-private-key-file=/etc/tls/private/tls.key"]' "${REPOROOT}"/assets/components/openshift-dns/dns/daemonset.yamlVerification (should fail now, pass after fix in both files):
#!/bin/bash set -euo pipefail python3 - <<'PY' from pathlib import Path checks = { "scripts/auto-rebase/rebase.sh": [ '--tls-cipher-suites=\\"{{ .TLSCipherSuites }}\\"', '--tls-min-version=\\"{{ .TLSMinVersion }}\\"', ], "assets/components/openshift-dns/dns/daemonset.yaml": [ '--tls-cipher-suites="{{ .TLSCipherSuites }}"', '--tls-min-version="{{ .TLSMinVersion }}"', ], } bad = False for path, needles in checks.items(): text = Path(path).read_text() for needle in needles: if needle in text: print(f"BAD {path}: found quoted placeholder -> {needle}") bad = True else: print(f"OK {path}: not found -> {needle}") if bad: raise SystemExit(1) PYAs per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@scripts/auto-rebase/rebase.sh` at line 766, The kube-rbac-proxy args include escaped/embedded quotes around templated TLS placeholders which cause literal quotes to be passed; update the yq args invocation that currently sets "--tls-cipher-suites=\"{{ .TLSCipherSuites }}\"" and "--tls-min-version=\"{{ .TLSMinVersion }}\"" to remove the embedded quotes (use --tls-cipher-suites={{ .TLSCipherSuites }} and --tls-min-version={{ .TLSMinVersion }}), and make the matching change in the daemonset YAML so the args are --tls-cipher-suites="{{ .TLSCipherSuites }}" and --tls-min-version="{{ .TLSMinVersion }}" without extra escaping, ensuring the final rendered flags do not contain literal " characters.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@scripts/auto-rebase/rebase.sh`:
- Line 766: The kube-rbac-proxy args include escaped/embedded quotes around
templated TLS placeholders which cause literal quotes to be passed; update the
yq args invocation that currently sets "--tls-cipher-suites=\"{{
.TLSCipherSuites }}\"" and "--tls-min-version=\"{{ .TLSMinVersion }}\"" to
remove the embedded quotes (use --tls-cipher-suites={{ .TLSCipherSuites }} and
--tls-min-version={{ .TLSMinVersion }}), and make the matching change in the
daemonset YAML so the args are --tls-cipher-suites="{{ .TLSCipherSuites }}" and
--tls-min-version="{{ .TLSMinVersion }}" without extra escaping, ensuring the
final rendered flags do not contain literal " characters.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: ed641a11-c8df-47b8-ab69-c9f5c3801c7b
⛔ Files ignored due to path filters (5)
etcd/go.sumis excluded by!**/*.sumetcd/vendor/github.com/openshift/api/config/v1/types_apiserver.gois excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yamlis excluded by!**/vendor/**etcd/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.gois excluded by!**/vendor/**etcd/vendor/modules.txtis excluded by!**/vendor/**
📒 Files selected for processing (22)
Makefile.version.aarch64.varMakefile.version.x86_64.varassets/components/multus/kustomization.aarch64.yamlassets/components/multus/kustomization.x86_64.yamlassets/components/multus/release-multus-aarch64.jsonassets/components/multus/release-multus-x86_64.jsonassets/components/openshift-dns/dns/daemonset.yamlassets/optional/operator-lifecycle-manager/kustomization.aarch64.yamlassets/optional/operator-lifecycle-manager/kustomization.x86_64.yamlassets/optional/operator-lifecycle-manager/release-olm-aarch64.jsonassets/optional/operator-lifecycle-manager/release-olm-x86_64.jsonassets/release/release-aarch64.jsonassets/release/release-x86_64.jsonetcd/go.modpackaging/crio.conf.d/10-microshift_amd64.confpackaging/crio.conf.d/10-microshift_arm64.confpkg/components/render.goscripts/auto-rebase/changelog.txtscripts/auto-rebase/commits.txtscripts/auto-rebase/last_rebase.shscripts/auto-rebase/manifests_patches/020-dns-daemonset.patchscripts/auto-rebase/rebase.sh
🚧 Files skipped from review as they are similar to previous changes (11)
- packaging/crio.conf.d/10-microshift_amd64.conf
- pkg/components/render.go
- assets/components/multus/release-multus-x86_64.json
- assets/components/multus/kustomization.aarch64.yaml
- assets/components/multus/release-multus-aarch64.json
- scripts/auto-rebase/last_rebase.sh
- assets/components/openshift-dns/dns/daemonset.yaml
- assets/optional/operator-lifecycle-manager/release-olm-x86_64.json
- assets/optional/operator-lifecycle-manager/kustomization.x86_64.yaml
- scripts/auto-rebase/manifests_patches/020-dns-daemonset.patch
- Makefile.version.aarch64.var
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pacevedom, pmtk The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Contributor
|
/test test-rebase |
Contributor
|
New changes are detected. LGTM label has been removed. |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@assets/components/openshift-dns/dns/daemonset.yaml`:
- Around line 83-90: The --tls-cipher-suites argument is currently quoted
(`--tls-cipher-suites="{{ .TLSCipherSuites }}"`) which embeds literal double
quotes into the value passed to kube-rbac-proxy; remove the embedded quotes so
the arg reads `--tls-cipher-suites={{ .TLSCipherSuites }}` to pass the cipher
names raw. Locate the args block (the list containing --secure-listen-address,
--tls-min-version, etc.) and update the `--tls-cipher-suites` entry accordingly;
no other changes to surrounding args are needed.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Organization UI (inherited)
Review profile: CHILL
Plan: Pro
Run ID: 662e6115-442c-46cd-a895-45b6971acb47
📒 Files selected for processing (2)
assets/components/openshift-dns/dns/daemonset.yamlscripts/auto-rebase/rebase.sh
🚧 Files skipped from review as they are similar to previous changes (1)
- scripts/auto-rebase/rebase.sh
pmtk
force-pushed
the
dns-pod-kube-rbac-proxy-fix-args
branch
from
3f0d198 to
6d4927a
Compare
Contributor
|
@pmtk: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.