Uploaded image for project: 'OpenShift Image Registry'
  1. OpenShift Image Registry
  2. IR-234

Custom certificate authorities for S3

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • openshift-4.11
    • None
    • None
    • None
    • 8
    • Sprint 215, Sprint 216, Sprint 217, Sprint 218, Sprint 219, Sprint 220

    Description

      As an OpenShift administrator
      I want to provide the registry operator with a custom certificate authority for S3 storage
      so that I can use a third-party S3 storage provider.

      Acceptance criteria

      1. Users can specify a configmap name (from openshift-config) in config.imageregistry/cluster's spec.storage.s3.
      2. The operator uses CA from this configmap to check S3 bucket.
      3. The image registry pod uses CA from this configmap to access the S3 bucket.
      4. When a custom CA is defined, the operator/image-registry should still trust certificate authorities that are used by Amazon S3 and other well-known CAs.
      5. An end-to-end test that runs minio and checks the image registry becomes healthy with it.

      Attachments

        Issue Links

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: IR

              People

                obulatov@redhat.com Oleg Bulatov
                obulatov@redhat.com Oleg Bulatov
                xiujuan wang xiujuan wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: