Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2007

Webhook CABundle not updated when istiod configured to use custom private key

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • maistra-2.0.1
    • None
    • None
    • None
    • MAISTRA 2.0.1

    Description

      When the control plane is configured to use a custom key for signing, the webhooks' CABundle is not updated and the installation/update fails, as the create/update calls for istio resources fail with validation errors.

      Steps to reproduce:

      1. Create cacerts secret in the target namespace using the example certs in istio.io/istio/samples/certs, e.g.: oc create secret generic cacerts --from-file path/to/istio/samples/certs
      2. Install control plane with following security settings:
      spec:
  security:
    certificateAuthority:
      type: Istiod
      istiod:
        type: PrivateKey

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. MAISTRA-2040 Installation fails with 'certificate signed by unknown authority'

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              dgrimm@redhat.com Daniel Grimm
              rcernich1 Rob Cernich
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: