Story
Resolution: Duplicate
Major
Add a Doc note about using the `jwksResolverCA` feature out of TechPreview
This story is related to https://issues.redhat.com/browse/OSSM-1107
We implemented a new SMCP field `jwksResolverCA` to support the upstream `jwksResolverExtraRootCA` parameter.
Changes are implemented in OSSM 2.1.3 SMCP and incoming OSSM 2.2.1 SMCP
Doc Request:
- We can add a resolved issue item in the 2.2.1 and next 2.1.x release note about https://issues.redhat.com/browse/OSSM-1107
- We can add an SMCP example for users who want to configure their own JWKS resolver CA from an SMCP spec. For example,
SMCP spec:
```yaml
[...]
spec:
  security:
    dataPlane:
      mtls: true # enable mtls for data plane
    # JWKSResolver extra CA
    # PEM-encoded certificate content to trust an additional CA
    jwksResolverCA: |
      -----BEGIN CERTIFICATE-----
      [...]
      [...]
      -----END CERTIFICATE-----
...
```
Expected behavior:
After applying the above SMCP spec to configure the JWKS Resolver CA certificate, the user should be able to find a ConfigMap such as `pilot-jwks-cacerts-<SMCP name>` created with the CA .pem data.
For example,
ConfigMap pilot-jwks-cacerts-<SMCP name>
```yaml
kind: ConfigMap
apiVersion: v1
data:
  extra.pem: |
    -----BEGIN CERTIFICATE-----
    [...]
    [...]
    -----END CERTIFICATE-----
```
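One way to check the expected behavior above is to confirm that the ConfigMap's `extra.pem` trusts exactly the certificates set in `jwksResolverCA`, regardless of indentation or line wrapping. This is an added example, not code from the ticket or from OSSM; the function names are hypothetical, it assumes both PEM strings have already been read out of the SMCP and the ConfigMap, and the sample input is constructed placeholder bytes rather than real certificates.

```python
import base64
import binascii
import hashlib
import re

# Matches each PEM certificate block, tolerating YAML indentation and CRLF.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_fingerprints(pem_text):
    """SHA-256 fingerprints (hex) of the DER bytes of every block in pem_text."""
    prints = set()
    for body in PEM_BLOCK.findall(pem_text):
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("malformed base64 in certificate block") from exc
        if not der:
            raise ValueError("empty certificate block")
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def compare_ca(smcp_pem, configmap_pem):
    """Diff the CA set in the SMCP against the one in the ConfigMap."""
    want = cert_fingerprints(smcp_pem)
    have = cert_fingerprints(configmap_pem)
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}


def sample_pem(der, width=64, indent=""):
    """Constructed sample input: wraps placeholder bytes, not a real certificate."""
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    rows = ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----"]
    return "".join(indent + row + "\n" for row in rows)


if __name__ == "__main__":
    ca_a, ca_b = b"constructed-ca-A" * 8, b"constructed-ca-B" * 8
    smcp_value = sample_pem(ca_a)
    # ConfigMap copy: re-wrapped and indented, plus one CA the SMCP never listed.
    extra_pem = sample_pem(ca_a, width=76, indent="    ") + sample_pem(ca_b)
    print(compare_ca(smcp_value, extra_pem))
```

A non-empty `missing` list means the CA from the SMCP was not propagated; a non-empty `unexpected` list means the JWKS resolver trusts a CA that the SMCP does not declare.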