Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-2678

Add a Doc note about using the `jwksResolverCA` feature out of TechoPreview

    XMLWordPrintable

Details

    • Story
    • Resolution: Duplicate
    • Major
    • None
    • None
    • Documentation
    • None
    • False
    • None
    • False

    Description

      Add a Doc note about using the `jwksResolverCA` feature out of TechoPreview

      This story is related to https://issues.redhat.com/browse/OSSM-1107

      We implemented a new SMCP feild `jwksResolverCA` for supporting upstream `jwksResolverExtraRootCA` parameter.
      Changes are implemented in OSSM 2.1.3 SMCP and incoming OSSM 2.2.1 SMCP

      Doc Request:

      • We can add a SMCP example for users who want to configure their own JWKS resolver CA from a SMCP spec. For example,

      SMCP spec:

      [...]
      spec:
        security:
          dataPlane:
              mtls: true # enable mtls for data plane
          # JWKSResolver extra CA
          # PEM-encoded certificate content to trust an additional CA
          jwksResolverCA: |
              -----BEGIN CERTIFICATE-----
              [...]
              [...]
              -----END CERTIFICATE-----
      ...
      
      

      Expected behavior:

      After applying the above SMCP spec for configuring the JWKS Resolver CA certificate, user should be able to find a ConfigMap such as pilot-jwks-cacerts-<SMCP name> created with the CA .pem data.

      For example,

      ConfigMap pilot-jwks-cacerts-<SMCP name>

      kind: ConfigMap
      apiVersion: v1
      data:
        extra.pem: |
            -----BEGIN CERTIFICATE-----
            [...]
            [...]
            -----END CERTIFICATE-----
      

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              yuaxu@redhat.com Yuanlin Xu
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: