Keycloak / KEYCLOAK-15147

Adopt the new way of obtaining Service CA TLS certificate

    Details

    • Story Points:
      5
    • Docs QE Status:
      NEW
    • QE Status:
      NEW

      Description

      OpenShift 4.1 deprecates the automatic mounting of the service-ca.crt file (see this GitHub issue). The service-ca.crt file is used by both the Keycloak Operator and RHSSO deployments.

      As the OpenShift documentation suggests, the easiest migration path is to use an empty ConfigMap annotated with service.beta.openshift.io/inject-cabundle=true. OpenShift will automatically inject the service-ca.crt file there. Also, we should explicitly reference the service-ca.crt file in the volumeMount section. This way, Keycloak won't start until everything is properly set up.

      The implementation needs to be split into 2 places:

      • Keycloak Operator
      • OpenShift examples in Keycloak Container repo
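
The migration described above, sketched as manifests. This is an added example, not taken from the issue, the Keycloak Operator or the Keycloak Container repo; the resource names, labels, image reference and mount path are assumptions chosen for illustration.

```yaml
# Added example. Names (keycloak-service-ca, keycloak), the image reference
# and the mount path are assumptions, not values from the Keycloak project.
apiVersion: v1
kind: ConfigMap
metadata:
  name: keycloak-service-ca
  annotations:
    # Asks OpenShift to inject the service CA bundle into this ConfigMap.
    service.beta.openshift.io/inject-cabundle: "true"
# No data section: the ConfigMap is created empty and OpenShift adds the
# service-ca.crt key to it.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: keycloak
spec:
  replicas: 1
  selector:
    matchLabels:
      app: keycloak
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - name: keycloak
          image: quay.io/keycloak/keycloak   # assumed image reference
          volumeMounts:
            - name: service-ca
              mountPath: /etc/x509/service-ca   # assumed path
              readOnly: true
      volumes:
        - name: service-ca
          configMap:
            name: keycloak-service-ca
            # The key is named explicitly and is not optional, so the volume
            # cannot be set up, and the container is not started, until
            # service-ca.crt has been injected.
            optional: false
            items:
              - key: service-ca.crt
                path: service-ca.crt
```

With this layout a missing or un-annotated ConfigMap shows up as a pod stuck before container start rather than as a TLS trust failure at runtime.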


              People

              • Assignee:
                Unassigned
                Reporter:
                sebastian.laskawiec Sebastian Laskawiec