Commit 4cb4db9
fix(manualapprovalgate): propagate TLS profile hash via TektonConfig
ManualApprovalGate is a standalone CR (not created by TektonConfig),
so it was never part of the platform-data-hash propagation chain.
When the cluster TLS profile changed, all other components updated
their webhook deployments automatically — but the MAG webhook stayed
stale, still showing the old TLS version and cipher suites.
Root cause: the InstallerSet client detects TLS changes via the
platform-data-hash annotation on the component CR. TektonConfig
writes this annotation onto every child CR it owns (TektonPipeline,
TektonChain, etc.) during PostReconcile. MAG was never wired in.
Fix: add propagateMAGPlatformData() called from TektonConfig's
OpenShiftExtension.PostReconcile(). It lists existing MAG CRs and
writes the current TLS profile hash into their platform-data-hash
annotation. The existing MAG controller informer then fires,
triggers a reconcile, and the webhook deployment is re-applied with
the correct TLS env vars.
This is best-effort and safe when MAG is not installed:
- no MAG CR present → list returns empty, loop is a no-op
- MAG CRD absent → list error is logged as a warning, PostReconcile
continues normally and TektonConfig reconciliation is unaffected
The proper long-term fix (integrate MAG as a full TektonConfig child
with ownerRef and spec field) is tracked in:
#3656
Relates-To: SRVKP-9613
Signed-off-by: Jawed khelil <jkhelil@redhat.com>
Assisted-by: Claude Sonnet 4.6 (via Cursor)
Co-authored-by: Cursor <cursoragent@cursor.com>1 parent 07beee0 commit 4cb4db9
1 file changed
Lines changed: 38 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
217 | 217 | | |
218 | 218 | | |
219 | 219 | | |
| 220 | + | |
| 221 | + | |
| 222 | + | |
| 223 | + | |
| 224 | + | |
| 225 | + | |
| 226 | + | |
| 227 | + | |
| 228 | + | |
220 | 229 | | |
221 | 230 | | |
222 | 231 | | |
223 | 232 | | |
224 | 233 | | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
| 237 | + | |
| 238 | + | |
| 239 | + | |
| 240 | + | |
| 241 | + | |
| 242 | + | |
| 243 | + | |
| 244 | + | |
| 245 | + | |
| 246 | + | |
| 247 | + | |
| 248 | + | |
| 249 | + | |
| 250 | + | |
| 251 | + | |
| 252 | + | |
| 253 | + | |
| 254 | + | |
| 255 | + | |
| 256 | + | |
| 257 | + | |
| 258 | + | |
| 259 | + | |
| 260 | + | |
| 261 | + | |
| 262 | + | |
225 | 263 | | |
226 | 264 | | |
227 | 265 | | |
| |||
0 commit comments