Uploaded image for project: 'Cert Manager support for Red Hat OpenShift'
  1. Cert Manager support for Red Hat OpenShift
  2. CM-37

Detect Cluster Outbound Proxy and Additional Root Certificate Authorities

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Supports injecting custom CA certificates and also detects cluster wide egress proxy configuration to configure the operator and the operand with HTTP_PROXY, HTTPS_PROXY and NO_PROXY.

      Cross-posted: https://github.com/openshift/cert-manager-operator/issues/72

      This is a blocker for deploying to 1500+ sites at a customer.

      As it is, the cert-manager operator does not inject the needed cluster proxy and custom root CA configuration into the running Pods.

      You can inject the environmental variables for HTTP_PROXYHTTPS_PROXY, and NO_PROXY into the operator Subscription, which will apply them to the controller, but the controller does not pass them to the Deployments that are created by the CertManager instance.

      This is useful in case a cluster is behind an outbound proxy and needs to communicate with an ACME server on the internet, such as the Sectigo OV ACME server.

            thn@redhat.com Thejas N (Inactive)
            kmoini1@redhat.com Hadi Moini
            Xingxing Xia Xingxing Xia
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: