Uploaded image for project: 'OpenShift Image Registry'
  1. OpenShift Image Registry
  2. IR-234

Custom certificate authorities for S3

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Major
    • openshift-4.11
    • None
    • None
    • None
    • 8
    • Sprint 215, Sprint 216, Sprint 217, Sprint 218, Sprint 219, Sprint 220

    Description

      As an OpenShift administrator
      I want to provide the registry operator with a custom certificate authority for S3 storage
      so that I can use a third-party S3 storage provider.

      Acceptance criteria

      1. Users can specify a configmap name (from openshift-config) in config.imageregistry/cluster's spec.storage.s3.
      2. The operator uses CA from this configmap to check S3 bucket.
      3. The image registry pod uses CA from this configmap to access the S3 bucket.
      4. When a custom CA is defined, the operator/image-registry should still trust certificate authorities that are used by Amazon S3 and other well-known CAs.
      5. An end-to-end test that runs minio and checks the image registry becomes healthy with it.

      Attachments

        Issue Links

          relates to

          Feature Request - Feature requests from customers and/or users RFE-2600 Support a custom CA for the certificate of the integrated OpenShift Container Platform registry

          • Undefined - Priority not specified.
          • Accepted
          links to

          GitHub openshift/api#1180: IR-234: Add spec.storage.s3.trustedCA to image registry config

          GitHub openshift/cluster-image-registry-operator#759: IR-234: Custom certificate authorities for S3

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: IR

              People

                obulatov@redhat.com Oleg Bulatov
                obulatov@redhat.com Oleg Bulatov
                xiujuan wang xiujuan wang
                Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: