Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-9428

Ensure ca-certs-merged CM is resynced when disableWorkspaceCaBundleMount changed

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Release Notes
    • Hide
      = Ensure ca-certs-merged CM is resynced when disableWorkspaceCaBundleMount changed

      Previously, the `ca-certs-merged` ConfigMap was not updated with the correct annotations when the `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` field was set to true in the CheCluster CR.

      Additionally when the certificates were mounted, the `tls-ca-bundle.pem` file did not have sufficient permissions to run `update-ca-trust`.

      With this release:

      * The mounted `tls-ca-bundle.pem` file will now have `0444` permissions.

      * When the `disableWorkspaceCaBundleMount` field is set to `true`, the `ca-certs-merged` ConfigMap will have annotations required to mount to `/public-certs`.
      Show
      = Ensure ca-certs-merged CM is resynced when disableWorkspaceCaBundleMount changed Previously, the `ca-certs-merged` ConfigMap was not updated with the correct annotations when the `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` field was set to true in the CheCluster CR. Additionally when the certificates were mounted, the `tls-ca-bundle.pem` file did not have sufficient permissions to run `update-ca-trust`. With this release: * The mounted `tls-ca-bundle.pem` file will now have `0444` permissions. * When the `disableWorkspaceCaBundleMount` field is set to `true`, the `ca-certs-merged` ConfigMap will have annotations required to mount to `/public-certs`.
    • Bug Fix
    • Proposed

      Related upstream issue: https://github.com/eclipse-che/che/issues/23533

      Mounting untrusted Eclipse Che certificates results in incorrect file permissions for `tls-ca-bundle.pem`. This permission error blocks the update-ca-trust command from running successfully.

      Also, setting `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` to `true` does not update the annotations on the ca-certs-merged ConfigMap as expected.

              abazko Anatolii Bazko
              dakwon@redhat.com David Kwon
              Serhii Skoryk Serhii Skoryk
              Gaurav Trivedi Gaurav Trivedi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: