Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-413

Support injecting of ca-bundle in PKCS#12 format and override it's name in CNO

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • Core, Networking
    • False
    • False
    • 50
    • 50% 50%
    • Undefined
    • 0
    • 0

      Goal

      • The goal in this epic to 
        • Allow users get the ca-bundle injected in their configmaps in PKCS#12 format using CNO.
        • Allow override the name of the ca-bundle.crt key in configmaps when injecting the CA bundle using the Cluster Network Operator.

      Why is this important?

      Both these features are requested by customers for following reasons.

      1. Customer deploying an EAP applications in their cluster which require trust in their corporate CA.  The only way to accomplish this is using initContainers to convert the .pem into .p12 or .jks for every single deployment or using 3rd party operators (which causes a poor image from OpenShift which could provide a full solution). Therefore we need a straightforward method to address this cumbersome process.  
      1. Not every single piece of software out there is configured to read the same filename `ca-bundle.crt` when reading certificates. Given that not everyone is capable of edit the deployments/deploymentconfigs when there's an operator controlling the resource and undoing the changes in the mounts. Therefore request to override the name of crt injected by the CNO operator.

       

            ddharwar@redhat.com Deepthi Dharwar
            ddharwar@redhat.com Deepthi Dharwar
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: