Uploaded image for project: 'OpenShift Image Registry'
  1. OpenShift Image Registry
  2. IR-234

Custom certificate authorities for S3


    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • openshift-4.11
    • None
    • None
    • None
    • 8
    • False
    • False
    • Sprint 215, Sprint 216, Sprint 217, Sprint 218, Sprint 219, Sprint 220

      As an OpenShift administrator
      I want to provide the registry operator with a custom certificate authority for S3 storage
      so that I can use a third-party S3 storage provider.

      Acceptance criteria

      1. Users can specify a configmap name (from openshift-config) in config.imageregistry/cluster's spec.storage.s3.
      2. The operator uses CA from this configmap to check S3 bucket.
      3. The image registry pod uses CA from this configmap to access the S3 bucket.
      4. When a custom CA is defined, the operator/image-registry should still trust certificate authorities that are used by Amazon S3 and other well-known CAs.
      5. An end-to-end test that runs minio and checks the image registry becomes healthy with it.

            obulatov@redhat.com Oleg Bulatov
            obulatov@redhat.com Oleg Bulatov
            xiujuan wang xiujuan wang
            0 Vote for this issue
            2 Start watching this issue