-
Feature Request
-
Resolution: Done
-
Minor
-
None
-
None
-
False
-
None
-
False
-
Not Selected
-
-
-
1. Proposed title of this feature request
Allow Comments in trustedCA Bundle
2. What is the nature and description of the request?
At first glance, it is very hard to see what a PEM-formated CA bundle contains. For OpenShift administrators and users (using the CA bundle injector functionality) it would be useful to add some information as a comment to the CA bundle so that it is immediately obvious what the CA bundle contains. The CA bundle that is shipped with OpenShift also contains comments, but when adding a comment to a custom bundle as per [1], the network operator fails with the following error:
Failed to validate additional trust bundle configmap 'openshift-config/sixpki-ca' (failed to validate trust bundle for proxy trustedCA 'sixpki-ca': failed parsing certificate data from ConfigMap "sixpki-ca": failed to parse certificate PEM)
Removing the comment fixes the problem.
[1] https://docs.openshift.com/container-platform/4.8/networking/configuring-a-custom-pki.html
3. Why does the customer need this? (List the business requirements here)
Better understandability of additional trust bundles for OpenShift Administrators and Users
Align it with the shipped CA bundle, which apparently can have comments.
4. List any affected packages or components.
OpenShift 4 Network Cluster Operator