Cert Manager support for Red Hat OpenShift / CM-121

Spike to investigate cert-manager providing certificates instead of Service CA for internal components such as monitoring, logging, console


    • Spike
    • Resolution: Unresolved
    • Major
    • Security

      Many customers have requested that serving certificates for non-core control plane components, such as the monitoring server, logging server and console, be configurable with cert-manager-generated certificates for integration with corporate CAs/external CAs.

      Today these certificates are managed by the Service CA operator, which creates an internal CA that provides the serving certs to the monitoring or logging operator. See https://docs.openshift.com/container-platform/4.13/security/certificate_types_descriptions/service-ca-certificates.html

      The goal of this Spike is to investigate how to replace serving certificates generated internally with those generated by cert-manager, which is a Day 2 Operator.

      Non-goal: Replacing Service CA is a non-goal. We want to understand if it's possible to augment what Service CA does, and add a certificate that these services can consume.

              tgeer@redhat.com Trilok Geer
              atelang@redhat.com Anjali Telang
              Heather Heffner, Jeremy Peterson, Trilok Geer
              Votes: 1
              Watchers: 6


                  Original Estimate - Not Specified
                  Remaining Estimate - 0 minutes
                  Time Spent - 1 day, 2 hours