Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Critical
Fix Version/s: openshift-4.9
Affects Version/s: None
Component/s: Backend, Console Operator, Multicluster
Labels:
- groomed
- lifecycle-stale

Story Points:
3
Blocked:
False
Ready:
False
Epic Link:
Phase 2 - Unite Consoles (ACM, OCP)
Feature Link:
OCPSTRAT-402 - Unified Console
Release Note Text:
Undefined

Sprint:
Console - Sprint 202

SFDC Cases Links:
SFDC Cases Counter:

Description

Remove the use of insecure-skip-verify when connecting to API servers and OAuth servers on managed clusters. The console operator should pass a CA file to the console backend for each spoke cluster.

Each cluster has a namespace on the hub cluster. The CA file is available from a secret in that namespace. The console operator will need to read those secrets and mount the CA file for each cluster into the console pod.

Acceptance Criteria

We must handle cases where the kubeconfig is missing (for instance because the cluster is still being imported)
All use of InsecureSkipVerify is removed from the backend (talking to the API server or OAuth server)

Attachments

Activity

People

Assignee:: Jon Jackson

Reporter:: Samuel Padgett

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2021/05/04 7:13 PM

Updated:: 2022/08/26 2:15 PM

Resolved:: 2021/06/03 3:14 PM