-
Story
-
Resolution: Unresolved
-
Normal
-
openshift-4.15
-
None
-
None
-
BU Product Work
-
3
-
True
-
Blocked by https://issues.redhat.com/browse/NE-1479
-
False
-
OCPSTRAT-431 - Add support of custom PKI to Ingress Operator
-
Impediment
-
-
-
CFE Sprint 245, CFE Sprint 246, CFE Sprint 247
Openshift Router should create file watcher on `/var/run/configmaps/ca-trust/ca-bundle.crt` i.e. defaultDestinationCA and refresh haproxy.config and reload haproxy whenever the file is updated.
Acceptance Criteria:
- Whenever a service is created with the certificates signed by a new CA, and route for the same is created without destinationCA and`admin-ca-bundle` is updated with the new CA, the traffic to new service should go through seamlessly.(Expect some delay in the CA bundle to be updated by router).