Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-1928

ACM should offer any facilities to handle API server and ingress certificate provisioning for clusters.

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • ACM 2.7.0
    • Security
    • None
    • False
    • None
    • False
    • Not Selected

      This feature request comes from https://issues.redhat.com/browse/ACM-1700 which is hypershift specific feature request from the service delivery team. The purpose of this feature request is more generic for all hive, baremetal and hypershift clusters ACM creates.

       

      ACM should provide a way to provision and manage of TLS certificates for API server and Ingress for the clusters it creates by integration with cert-manager.

       

      Additional Context:

      • When we use the RH managed services to create a ROSA or OSD cluster, the cluster created automatically gets assigned a signed certificate.
      • ACM is used by customers to provide fleet management across the customer fleet, and OCP certificate management should be the same level as OCP version management across the fleet.
      • This basic management capability should be under the umbrella of cluster-lifecycle
        • cluster-lifecycle
          • OCP cluster provisioning
          • OCP version upgrade
          • OCP backup / restore / disaster recovery
          • OCP certificate management
          • OCP cluster SSO (idp-mgmt pattern in the past, but openshift-sso going forward, as an example)
      • The ask should be to come up with a pattern that can be used. Not necessarily a new controller.

      Requirements

      • ACM handles API server and Ingress TLS certificates provisioning and management by supporting integrations with cert-manager.

      Goals

      • ACM provisions and manages API server TLS (Lets Encrypt) certificates for hive, BM, hypershift managed clusters it creates.
      • ACM provisions and manages Ingress TLS (Lets Encrypt) certificates for hive, BM, hypershift managed clusters it creates.

      Additional References

              Unassigned Unassigned
              rokejungrh Roke Jung
              Nelson Jean Nelson Jean
              Christian Stark Christian Stark
              Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: