Story
Resolution: Duplicate
Major
Add a Doc note about using the `jwksResolverCA` feature out of Tech Preview
This story is related to https://issues.redhat.com/browse/OSSM-1107
We implemented a new SMCP field `jwksResolverCA` for supporting the upstream `jwksResolverExtraRootCA` parameter.
Changes are implemented in the OSSM 2.1.3 SMCP and the incoming OSSM 2.2.1 SMCP.
Doc Request:
- We can add a resolved issue item in the 2.2.1 and next 2.1.x release note about the https://issues.redhat.com/browse/OSSM-1107
- We can add a SMCP example for users who want to configure their own JWKS resolver CA from a SMCP spec. For example,

SMCP spec:

```yaml
[...]
spec:
  security:
    dataPlane:
      mtls: true # enable mtls for data plane
    # JWKSResolver extra CA
    # PEM-encoded certificate content to trust an additional CA
    jwksResolverCA: |
      -----BEGIN CERTIFICATE-----
      [...]
      [...]
      -----END CERTIFICATE-----
...
```
Expected behavior:
After applying the above SMCP spec for configuring the JWKS Resolver CA certificate, the user should be able to find a ConfigMap such as `pilot-jwks-cacerts-<SMCP name>` created with the CA .pem data.
For example,

ConfigMap `pilot-jwks-cacerts-<SMCP name>`:

```yaml
kind: ConfigMap
apiVersion: v1
data:
  extra.pem: |
    -----BEGIN CERTIFICATE-----
    [...]
    [...]
    -----END CERTIFICATE-----
```
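
One way to check the expected behavior above, as an added example that is not part of the original issue or of OSSM's own tooling: compare the CA file you put into `jwksResolverCA` with the `extra.pem` key of the generated ConfigMap. It assumes a logged-in `oc` client; the function names, and the SMCP name, namespace and CA file path passed by the caller, are hypothetical.

```shell
#!/bin/sh
# Added example: confirm that the CA from spec.security.jwksResolverCA reached
# the ConfigMap pilot-jwks-cacerts-<SMCP name> (key extra.pem).

# Print the base64 body of each certificate in a PEM file, one line per
# certificate. Indentation, CRLF line endings and any text outside the
# BEGIN/END markers are ignored, so a YAML-indented copy compares equal.
pem_bodies() {
  tr -d '\r' < "$1" | awk '
    /-----BEGIN CERTIFICATE-----/ { in_cert = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { if (in_cert) print body; in_cert = 0; next }
    in_cert { gsub(/[ \t]/, ""); body = body $0 }
  '
}

# Succeed only when both files hold at least one certificate and the same
# certificates in the same order.
same_ca_bundle() {
  a=$(pem_bodies "$1")
  b=$(pem_bodies "$2")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Arguments (caller-supplied): SMCP name, control plane namespace, CA PEM file.
# Returns 0 on match, 1 on mismatch, 2 if the ConfigMap cannot be read.
check_jwks_ca() {
  smcp=$1; ns=$2; ca_file=$3
  tmp=$(mktemp) || return 2
  if ! oc get configmap "pilot-jwks-cacerts-$smcp" -n "$ns" \
        -o jsonpath='{.data.extra\.pem}' > "$tmp"; then
    rm -f "$tmp"
    echo "cannot read ConfigMap pilot-jwks-cacerts-$smcp in $ns" >&2
    return 2
  fi
  if same_ca_bundle "$ca_file" "$tmp"; then rc=0; else rc=1; fi
  rm -f "$tmp"
  return "$rc"
}

# Usage (values are placeholders): check_jwks_ca <SMCP name> <namespace> ./ca.pem
```

A mismatch or a missing ConfigMap after the SMCP has reconciled means the extra CA is not the one that was configured, so JWKS fetches from endpoints signed by that CA should be expected to fail certificate validation.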