-
Epic
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
Corporate Certificates
-
False
-
None
-
False
-
Not Selected
-
To Do
-
SECFLOWOTL-28 - Openshift Builds in clusters with restricted networks
-
50% To Do, 0% In Progress, 50% Done
Epic Goal
Support use cases where a non-public certificate authority, aka a corporate certificate authority, is used in the build process.
Why is this important?
In enterprise environments, TLS certificates are often issued by a "corporate" certificate authority that is not globally trusted by RHEL. Actions that use TLS/HTTPS as transport (ex: cloning git source, pulling container images, downloading dependencies) need to be able to find and utilize the correct certificate authority.
Scenarios
- Cloning source code from a private git server
- Pulling container images from a private container registry
- Pulling dependencies from a private repository (ex: Artifactory).
Out of scope:
- mTLS between the build process and any "upstream" system (registry, git repository, etc.)
Acceptance Criteria (Mandatory)
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
- ...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- …
Open questions::
- …
Done Checklist
- Acceptance criteria are met
- Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
- User Journey automation is delivered
- Support and SRE teams are provided with enough skills to support the feature in production environment
- is documented by
-
RHDEVDOCS-6390 [DOC] Support self-signed certificates in builds
-
- Open
-
- relates to
-
-
- Closed
-
- links to
