• Epic
    • Resolution: Unresolved
    • Critical
    • Create TLS artifacts registry
    • Strategic Product Work
    • 13
    • In Progress
    • OCPSTRAT-709 - [internal] All OCP internal certificate chains must have clear ownership
    • 0% To Do, 25% In Progress, 75% Done
    • XL

      In order to keep track of existing certs/CA bundles and ensure that they adhere to requirements, we need to have a TLS artifact registry set up.

      The registry would:

      • have a test which automatically collects existing certs/CA bundles from secrets/configmaps/files on disk
      • have a test which collects necessary metadata from them (from cert contents or annotations)
      • ensure that new certs match expected metadata and have the necessary annotations when a new cert is added

      Ref: API-1622
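
The three checks listed above, sketched in Go as an added example; this is not code from this issue or from openshift/origin. The `Artifact` type, the `example.io/owning-component` annotation key, the registry shape (ID to expected owner) and all sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const ownerKey = "example.io/owning-component" // hypothetical annotation key for this example

type Artifact struct { // simplified stand-in for a secret or configmap holding PEM data
	ID          string // "namespace/name"
	Annotations map[string]string
	PEM         []byte
}

// Violations checks each certificate in a against registry (ID -> expected owner).
func Violations(registry map[string]string, a Artifact) (out []string) {
	want, known := registry[a.ID]
	for blk, rest := pem.Decode(a.PEM); blk != nil; blk, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(blk.Bytes)
		switch got := a.Annotations[ownerKey]; {
		case err != nil:
			out = append(out, a.ID+": "+err.Error())
		case !known:
			out = append(out, fmt.Sprintf("%s: CN=%q is not in the registry", a.ID, cert.Subject.CommonName))
		case got != want:
			out = append(out, fmt.Sprintf("%s: CN=%q has owner %q, registry expects %q", a.ID, cert.Subject.CommonName, got, want))
		}
	}
	return out
}

// SampleCert returns a constructed self-signed certificate so the example runs offline.
func SampleCert(cn string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	bundle := Artifact{ID: "ns-a/ca-bundle", PEM: append(SampleCert("ca-1"), SampleCert("ca-2")...)}
	fmt.Println(Violations(map[string]string{"ns-a/ca-bundle": "component-a"}, bundle))
}
```

A CA bundle is walked block by block, so each certificate in it is reported separately when the owner annotation is missing or does not match.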

            [API-1689] Create TLS artifacts registry

            Ke Wang added a comment - - edited

            The registry would:
            • have a test which automatically collects existing certs/CA bundles from secrets/configmaps/files on disk
            • have a test which collects necessary metadata from them (from cert contents or annotations)
            • ensure that new certs match expected metadata and have the necessary annotations when a new cert is added

            The test code can be found at https://github.com/openshift/origin/blob/7f50ae312bf1ec5d971ca10f8a667c9866ca9dea/test/extended/operators/certs.go#L88


            Ke Wang added a comment -

            Sippy overview for 4.18 tests

            Vadim Rutkovsky added a comment -

            Yes, we have had a TLS artifact registry since 4.15.

            It is, however, mostly internal and in the future will be used to generate customer-facing documentation at https://github.com/openshift/api/blob/master/tls/docs/

            Wei Sun added a comment -

            Will this still be shipped in 4.16?


              vrutkovs@redhat.com Vadim Rutkovsky
              vrutkovs@redhat.com Vadim Rutkovsky
              Ke Wang
              Ramon Acedo