Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-568

Integration with (external) cert-manager

    XMLWordPrintable

Details

    • Integration with cert-manager
    • False
    • False
    • doc_ack
    • Documentation (Ref Guide, User Guide, etc.), Release Notes
    • 100
    • 100% 100%
    • undefined

    Description

      How to integrate cert-manager with OSSM:

      • Customer want to use cert-manager as an issuer
      • they wont use the self-signed certificates that the mesh uses by default
      • We need a own certificate provider that generates certificate
        so cu configured in this way 
        certificateAuthority:
  type: Custom
  custom:
    address: cert-manager-istio-csr.cert-manager.svc:443
      • However, istiod still uses a self-signed certificated for the communication from gateway – virtual-service.
      • They want istio itself also request a certificate from cert-manager.
        However, the customer achieved the integration but wants to here from engineer side best and possible way.....
      • IBM P/Z platforms are not supported by the Cert-Manager Operator.

      Attachments

        Issue Links

          is documented by

          Task - Represents a small unit of work that is not end-user facing. OSSM-3180 [DOC] Integration of cert-manager with Service-Mesh

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. OSSM-1330 Allow specifying secret as pilot server cert when using CertificateAuthority: Custom

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              jewertow@redhat.com Jacek Ewertowski
              rhn-support-evadla Eswar Vadla (Inactive)
              Gwynne Monahan, Praneeth Bajjuri
              Votes:
              2 Vote for this issue
              Watchers:
              27 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: