Uploaded image for project: 'Cert Manager support for Red Hat OpenShift'
  1. Cert Manager support for Red Hat OpenShift
  2. CM-682

[istio-csr GA] Cleanup operand resources when `istiocsr` resource is removed.

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Normal Normal
    • cert-manager-1.18
    • cert-manager-1.18
    • None

      When the `istiocsr.operator.openshift.io` custom resource is deleted, remove all the resources created for operand installation.

      Removing the operand will have undesirable effect, new certificates issuance will fail. Hence we have to check whether any Istio resource reference istio-csr's gRPC endpoint through a validating webhook.

      Acceptance Criteria:

      • Validating webhook to check if any istio resource is configured with istio-csr service name, and deletion of `istiocsr.operator.openshift.io` resource deletion should fail with error. And it should be allowed when `force` option is set.
      • Option should be checked in both ServiceMesh v2 and v3.
        • v2: `istiooperator.install.istio.io.spec.values.global.caAddress`
        • v3: `istio.sailoperator.io.spec.values.global.caAddress`
      • Add relevant UT's and e2e's

          1.
          		 Bharath - Review of CM-682 Sub-task To Do Undefined Bharath B

              rh-ee-ckyal Chirag Kyal
              bhb@redhat.com Bharath B
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: