Skip to content

Fix podman link tokens to use kubernetes.io/tls secrets#2523

Merged
AryanP123 merged 1 commit into
skupperproject:mainfrom
AryanP123:link-token-secret-type-fix
Jul 7, 2026
Merged

Fix podman link tokens to use kubernetes.io/tls secrets#2523
AryanP123 merged 1 commit into
skupperproject:mainfrom
AryanP123:link-token-secret-type-fix

Conversation

@AryanP123

@AryanP123 AryanP123 commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Fixes #2518

Summary by CodeRabbit

  • Bug Fixes
    • Newly created TLS secrets are now marked with the correct TLS type, improving compatibility with systems that validate secret formats.

@coderabbitai

coderabbitai Bot commented Jul 7, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

The loadCertAsSecretFrom function in fs_config_renderer.go now explicitly sets the generated Secret's Type field to corev1.SecretTypeTLS, instead of leaving it unset (defaulting to Opaque).

Changes

TLS Secret Type Fix

Layer / File(s) Summary
Set Secret type explicitly
internal/nonkube/common/fs_config_renderer.go
loadCertAsSecretFrom now sets Type: corev1.SecretTypeTLS on the created Secret instead of leaving it unset.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Related issues: Fixes #2518 — kube-to-system site links failed because generated TLS credential secrets defaulted to type Opaque instead of kubernetes.io/tls, causing "TLS credentials secret not found" errors.

Suggested reviewers: skupperproject/skupper maintainers familiar with nonkube config rendering

🐰 A single line, a tiny hop,
Secret's type no longer Opaque-stop,
TLS now flows where links once broke,
One small fix, one clever poke.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The change matches #2518 by setting the generated secret type to kubernetes.io/tls instead of leaving it Opaque.
Out of Scope Changes check ✅ Passed The PR is narrowly scoped to the secret type fix and introduces no unrelated changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the change: Podman link tokens now use kubernetes.io/tls secrets.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@AryanP123 AryanP123 merged commit 172317c into skupperproject:main Jul 7, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Kube-to-System Site Links Broken: tlsCredentials Secret type Opaque not allowed

3 participants