Adding --tls option to domain create command

[vyasgun]

Description

Support for TLS optionn in domain create using --tls flag

Changes

• Added the new flag
• Added unit tests for the new flag

Reference

Fixes #1408

[knative-prow-robot]

@vyasgun: 0 warnings.

In response to this:

Description

Support for TLS optionn in domain create

Changes

• Added the new flag
• Added unit tests for the new flag

Reference

Fixes #1408

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[codecov]

Codecov Report

Merging #1419 (053d265) into main (4691210) will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1419      +/-   ##
==========================================
+ Coverage   78.68%   78.70%   +0.02%     
==========================================
  Files         162      162              
  Lines        8359     8368       +9     
==========================================
+ Hits         6577     6586       +9     
  Misses       1098     1098              
  Partials      684      684              

Impacted Files	Coverage Δ
pkg/kn/commands/domain/domain.go	95.45% <ø> (ø)
pkg/kn/commands/domain/create.go	79.48% <100.00%> (+3.01%)	⬆️
pkg/serving/v1alpha1/client.go	82.69% <100.00%> (+1.44%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4691210...053d265. Read the comment docs.

[dsimansk]

Thanks @vyasgun!
/lgtm

[maximilien]

Thanks for the contribution
/ok-to-test

[maximilien]

/lgtm

[rhuss]

Thanks, looks good to me ! I have some minor proposal wrt/ to naming, maybe we could change this so that we can add this PR to the upcoming release 0.25 (due today :) ?

[rhuss]

happy to keep it, but maybe certSecret would be more appropriate ?

[vyasgun]

I think tls might be better because it corresponds to the flag name (--tls).

[rhuss]

Thanks !

/approve
/lgtm

[rhuss]

/retest

Looks like there is some flake in the e2e tests, which might be due to recreating the same domain too fast after it has been deleted. @vyasgun good we adjust the test to use a different domain for the --tls test, so that we can avoid the race condition in the future ?

      ┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
        🦆 kn domain delete hello.example.com --namespace kne2etests12
        ┃ Domain mapping 'hello.example.com' deleted in namespace 'kne2etests12'.
        ┃ 
        ┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
        🦆 kn domain create hello.example.com --ref hello --tls tls-secret --namespace kne2etests12
        ┃ 
        🔥 Error: object is being deleted: domainmappings.serving.knative.dev "hello.example.com" already exists
        🔥 Run 'kn --help' for usage
        🔥 
        =================================================================

[dsimansk]

Thanks!

/approve
/lgtm

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dsimansk, rhuss, vyasgun

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [dsimansk,rhuss]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[rhuss]

The new error might be also a race condition, e.g. describe too quick after the domain has been created. I wonder whether we should also add a sync-wait when creating the domain in a future enhancement. For now, I would try to add some hardcoded delay between create and describe.

Also, I wonder whether the serving controller checks, if the referenced secret really exists (not sure if you have created in the test, too ?)

[vyasgun]

/retest

[dsimansk]

And maybe it's working well only for example.com? I wonder if newdomain.com shouldn't be rather e.g. new.example.com.

Because of ClusterDomainClaim???

[vyasgun]

@rhuss no it doesn't check if the secret exists. As per the referenced PR for the serving side change, the secret should be created if it doesn't exist. I haven't tested what happens in the backend but mentioning a TLS secret name in the spec changes the URL to https

[knative-metrics-robot]

The following is the coverage report on the affected files.
Say /test pull-knative-client-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/kn/commands/domain/create.go	85.2%	87.1%	1.9
pkg/serving/v1alpha1/client.go	88.4%	89.4%	1.0

[dsimansk]

/retest

[dsimansk]

/lgtm