Uploaded image for project: 'Maistra'
  1. Maistra
  2. MAISTRA-2316

Communicate cert chains automatically

    XMLWordPrintable

Details

    • Story
    • Resolution: Unresolved
    • Blocker
    • None
    • None
    • None
    • None
    • Sprint 5

    Description

      As a mesh administrator, I want to be able to join two meshes into a federation that do not share a root certificate, so that administrative domains can be completely separate

      This story covers exchange of certificate chains at Federation initialization- for continuous updates of cert chains, see MAISTRA-2238

      Acceptance Criteria:

      • Cert chains are communicated between meshes automatically
      • Fetching of cert chains only happens once at initialization
      • Certificates are written into an emptyDir volume mounted into the istiod pod

       

      Attachments

        Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MAISTRA-2238 Certificate Rotation

          • Critical - To be worked on immediately following BLOCKER issues.
          • Backlog
          clones

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. MAISTRA-2242 Support different root certificates

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is related to

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. OSSM-399 Federated Identity Management [with SPIRE?]

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Refinement

          Activity

            People

              Unassigned Unassigned
              dgrimm@redhat.com Daniel Grimm
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: