  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-9496

[RN] Ensure ca-certs-merged CM is resynced when disableWorkspaceCaBundleMount changed

    • Release Notes
      = `ca-certs-merged` `ConfigMap` now synchronized correctly

      Previously, two issues occurred when handling custom certificates:

      * When you set the `spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount` field to `true` in the `CheCluster` custom resource, the `ca-certs-merged` `ConfigMap` was not updated with the correct annotations.

      * The mounted `/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem` file had incorrect permissions, which prevented the `update-ca-trust` command from running.

      These issues are now resolved. The `tls-ca-bundle.pem` file now has `0444` permissions. When `disableWorkspaceCaBundleMount` is set to `true`, the `ca-certs-merged` `ConfigMap` is correctly annotated to mount certificates to `/public-certs`.

      For more information, see the documentation about link:https://example.com/[Importing untrusted TLS certificates].
    • Bug Fix
    • Done

      Previously, the ca-certs-merged ConfigMap was not updated with the correct annotations when the spec.devEnvironments.trustedCerts.disableWorkspaceCaBundleMount field was set to true in the CheCluster CR.

      Additionally, when the certificates were mounted, the /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem file did not have sufficient permissions to run update-ca-trust.

      With this release:

      • The mounted tls-ca-bundle.pem file will now have 0444 permissions.
      • When the disableWorkspaceCaBundleMount field is set to true, the ca-certs-merged ConfigMap will have annotations required to mount to /public-certs.

      More information about importing untrusted TLS certificates can be found in the official docs.

              gtrivedi@redhat.com Gaurav Trivedi
              Serhii Skoryk