Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: openshift-4.11
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
8
Blocked:
False
Ready:
False
Epic Link:
IR-87
Market:

Sprint:
Sprint 215, Sprint 216, Sprint 217, Sprint 218, Sprint 219, Sprint 220

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

As an OpenShift administrator
I want to provide the registry operator with a custom certificate authority for S3 storage
so that I can use a third-party S3 storage provider.

Acceptance criteria

Users can specify a configmap name (from openshift-config) in config.imageregistry/cluster's spec.storage.s3.
The operator uses CA from this configmap to check S3 bucket.
The image registry pod uses CA from this configmap to access the S3 bucket.
When a custom CA is defined, the operator/image-registry should still trust certificate authorities that are used by Amazon S3 and other well-known CAs.
An end-to-end test that runs minio and checks the image registry becomes healthy with it.

relates to

RFE-2600 Support a custom CA for the certificate of the integrated OpenShift Container Platform registry

Accepted

links to

openshift/api#1180: IR-234: Add spec.storage.s3.trustedCA to image registry config

openshift/cluster-image-registry-operator#759: IR-234: Custom certificate authorities for S3

Assignee:: Oleg Bulatov (Inactive)

Reporter:: Oleg Bulatov (Inactive)

QA Contact:: XiuJuan Wang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/01/24 3:36 PM

Updated:: 2022/09/09 6:35 AM

Resolved:: 2022/06/09 10:15 AM

Details

Description

Acceptance criteria

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates