Loading...

XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Epic Name:
CI implementation: Create TLS artifacts registry
Work Type:
Strategic Product Work
Story Points:
5
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
OCPSTRAT-709 - [internal] All OCP internal certificate chains must have clear ownership
Hierarchy Progress Bar:

75% To Do, 25% In Progress, 0% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Intelligence Requested:
Market:

Epic Goal

This is the epic tracking the work to collect a list of TLS artifacts (certificates, keys and CA bundles).

This list will contain a set of required an optional metadata. Required metadata examples are ownership (name of Jira component) and ability to auto-regenerate certificate after it has expired while offline. In most cases metadata can be set via annotations to secret/configmap containing the TLS artifact.

Components not meeting the required metadata will fail CI - i.e. when a pull request makes a component create a new secret, the secret is expected to have all necessary metadata present to pass CI.

This PR will enforce it WIP API-1789: make TLS registry tests required

links to

openshift/hypershift#5355: OCPBUGS-48506: Set ownership annotations for TLS artifacts

openshift/origin#28868: API-1789: update-tls-artifacts: ondisk metadata updates, techpreview data

openshift/origin#29074: WIP API-1789: make TLS registry tests required

openshift/origin#29090: API-1789: tls artifacts: list ondisk locations alongside secret/configmaps

openshift/origin#29171: API-1789: tls: add /etc/kubernetes/kubeconfig to known CA bundles