-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
None
Jira Description
As a PCP user I want to encrypt connections to the keystone server so that the data in flight is secure.
Summary
Having done the research in https://issues.redhat.com/browse/OSP-19150 and https://issues.redhat.com/browse/OSP-19017 , we should be able to determine the architectural components that are needed for certificate provisioning and rotation as well as CRL management. As part of the task, we have to implement cert-manager into openstack-operator and provide guidance on how to use it in individual services.
Definition of Ready
When we can consider User Story to be Ready?
- Defined clearly enough that all members of the team understand what needs to be done
- Includes any required enabling specs. wire frames etc.
- Fully meet INVEST criteria for User Stories
- Dependencies identified and there is a clear strategy how they will be managed
Prerequisites
- Environment with cert-manager created and all of the needed certificate management scenarios reproduced
- Environment with IPA created and verified, with cert-manager replacing certmonger
Acceptance Criteria
- Documentation created determining the possible architecture of TLS Everywhere in PCP
- Initial documentation created for the adoption procedure
- Initial documentation on how to use cert-manager in individual services
Definition of Done
When we can consider User Story to be Done:
- Documentation created for the architecture of TLS Everywhere, consulted with the PCP team (Oliver Walsh etc)
- Iniitial documentation created for the adoption procedure, consulted with DPA team (Jiri Stransky)
- Initial documentation created on how to secure individual services (for other DFGs)
