Loading...

XML

Word

Printable

Type: Story
Resolution: Unresolved
Priority: Normal
Fix Version/s: openshift-4.17
Affects Version/s: openshift-4.15
Component/s: None
Labels:
None

Work Type:
BU Product Work
Story Points:
3
Blocked:
True
Blocked Reason:
Blocked by https://issues.redhat.com/browse/NE-1479
Ready:
False
Epic Link:
NE-761
Feature Link:
OCPSTRAT-431 - Add support of custom PKI to Ingress Operator
Flagged:

Impediment
Intelligence Requested:
Market:

Sprint:
CFE Sprint 245, CFE Sprint 246, CFE Sprint 247

Target Version:

openshift-4.17

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Openshift Router should create file watcher on `/var/run/configmaps/ca-trust/ca-bundle.crt` i.e. defaultDestinationCA and refresh haproxy.config and reload haproxy whenever the file is updated.

Acceptance Criteria:

Whenever a service is created with the certificates signed by a new CA, and route for the same is created without destinationCA and`admin-ca-bundle` is updated with the new CA, the traffic to new service should go through seamlessly.(Expect some delay in the CA bundle to be updated by router).

links to

openshift/router#537: CFE-986: Reload router when defaultDestinationCA is updated

Assignee:: Bharath B

Reporter:: Bharath B

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/11/09 4:56 AM

Updated:: 2024/09/05 2:48 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates