Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-13260

Support verification of the hub API server certification using the system trust store

XMLWordPrintable

    • Support verification of the hub API server certification using the system trust store
    • False
    • None
    • False
    • Green
    • To Do
    • 0% To Do, 0% In Progress, 100% Done

      Epic Goal

      When importing a managed cluster, ACM usually auto-detects the CA certificate of the hub Kube API server and creates a CA bundle for the klusterlet/add-on agents to communicate with the hub Kube API server. However, the auto-detection may not always obtain the correct CA certificates (bug: ACM-12962, customer support case: 03888069). It's necessary to allow user to specify the CA bundle.

      Since ACM 2.10, it is supported to specify the klusterlet CA bundle in the KlusterletConfig API, but it's not possible to use the system trust store to verify the server certificate. This is useful for server certificate signed with known certificate authority (CA), like Let's Encrypt.

      Why is this important?

      ...

      Scenarios

      ...

      Acceptance Criteria

      ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Doc issue opened with a completed template. Separate doc issue
        opened for any deprecation, removal, or any current known
        issue/troubleshooting removal from the doc, if applicable.

              leyan@redhat.com Le Yang
              leyan@redhat.com Le Yang
              Hui Chen Hui Chen
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: