Uploaded image for project: 'Cert Manager support for Red Hat OpenShift'
  1. Cert Manager support for Red Hat OpenShift
  2. CM-37

Detect Cluster Outbound Proxy and Additional Root Certificate Authorities

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Undefined
    • None
    • None
    • None
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Supports injecting custom CA certificates and also detects cluster wide egress proxy configuration to configure the operator and the operand with HTTP_PROXY, HTTPS_PROXY and NO_PROXY.
    • 0

    Description

      Cross-posted: https://github.com/openshift/cert-manager-operator/issues/72

      This is a blocker for deploying to 1500+ sites at a customer.

      As it is, the cert-manager operator does not inject the needed cluster proxy and custom root CA configuration into the running Pods.

      You can inject the environmental variables for HTTP_PROXYHTTPS_PROXY, and NO_PROXY into the operator Subscription, which will apply them to the controller, but the controller does not pass them to the Deployments that are created by the CertManager instance.

      This is useful in case a cluster is behind an outbound proxy and needs to communicate with an ACME server on the internet, such as the Sectigo OV ACME server.

      Attachments

        Issue Links

          relates to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. CM-33 cert-manager operator GA

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/cert-manager-operator#103: CFE-755: Support cluster-wide egress proxy injection

          Activity

            People

              thn@redhat.com Thejas N (Inactive)
              kmoini1@redhat.com Hadi Moini
              Xingxing Xia Xingxing Xia
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: