NO-JIRA: tls: update instructions on how to update TLS registry

[vrutkovs]

Add step-by-step instructions on how to update TLS registry

[openshift-ci-robot]

@vrutkovs: This pull request explicitly references no jira issue.

In response to this:

Add step-by-step instructions on how to update TLS registry

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vrutkovs
Once this PR has been reviewed and has the lgtm label, please assign dennisperiquet for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[tmshort]

There are currently files in tls/raw-data, does this process include updating those? i.e. should we overwrite the appropriate file with the rarwTLSInfo or add rawTLSInfo as a new file? Do we commit files from tls/raw-data? Or are they temporary?

[vrutkovs]

should we overwrite the appropriate file with the rarwTLSInfo or add rawTLSInfo as a new file?

Ideally you'd overwrite matching file if this adds a new certificate.

However, if you're updating metadata for existing file it needs to be consistent across other raw TLS files. This means you'd need to run all tests for all platforms and their techpreview variants.

Do we commit files from tls/raw-data? Or are they temporary?

Yes, these files need to be committed (so that make verify would check that reports / violations are generated correctly)

[openshift-ci]

@vrutkovs: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	1cb6e64	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn-single-node-upgrade	1cb6e64	link	false	/test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-aws-ovn-single-node	1cb6e64	link	false	/test e2e-aws-ovn-single-node
ci/prow/e2e-gcp-ovn-rt-upgrade	1cb6e64	link	false	/test e2e-gcp-ovn-rt-upgrade
ci/prow/e2e-metal-ipi-ovn	1cb6e64	link	false	/test e2e-metal-ipi-ovn
ci/prow/e2e-metal-ipi-ovn-kube-apiserver-rollout	1cb6e64	link	false	/test e2e-metal-ipi-ovn-kube-apiserver-rollout
ci/prow/e2e-openstack-ovn	1cb6e64	link	false	/test e2e-openstack-ovn
ci/prow/e2e-metal-ipi-ovn-ipv6	1cb6e64	link	true	/test e2e-metal-ipi-ovn-ipv6
ci/prow/e2e-gcp-ovn	1cb6e64	link	true	/test e2e-gcp-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-trt]

Job Failure Risk Analysis for sha: 1cb6e64

Job Name	Failure Risk
pull-ci-openshift-origin-master-e2e-aws-ovn-single-node	Low [sig-node] static pods should start after being created This test has passed 71.83% of 142 runs on jobs [periodic-ci-openshift-release-master-nightly-4.19-e2e-aws-ovn-single-node] in the last 14 days.