OpenShift Request For Enhancement: RFE-2840

Allow Comments in trustedCA bundle


      1. Proposed title of this feature request
      Allow Comments in trustedCA Bundle

      2. What is the nature and description of the request?
      At first glance, it is very hard to see what a PEM-formatted CA bundle contains. For OpenShift administrators and users (using the CA bundle injector functionality) it would be useful to add some information as a comment to the CA bundle so that it is immediately obvious what the CA bundle contains. The CA bundle that is shipped with OpenShift also contains comments, but when adding a comment to a custom bundle as per [1], the network operator fails with the following error:

      Failed to validate additional trust bundle configmap 'openshift-config/sixpki-ca' (failed to validate trust bundle for proxy trustedCA 'sixpki-ca': failed parsing certificate data from ConfigMap "sixpki-ca": failed to parse certificate PEM)

      Removing the comment fixes the problem.

      [1] https://docs.openshift.com/container-platform/4.8/networking/configuring-a-custom-pki.html

      3. Why does the customer need this? (List the business requirements here)

      Better understandability of additional trust bundles for OpenShift Administrators and Users

      Align it with the shipped CA bundle, which apparently can have comments.

      4. List any affected packages or components.

      OpenShift 4 Network Cluster Operator

            ddharwar@redhat.com Deepthi Dharwar
            rhn-support-dpateriy Divyam Pateriya
            Chris Fields
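
The failure mode described in the request, reproduced with Go's standard library as an added example; this is not the network operator's code. `parseBundle`, its `strict` flag and `sampleBundle` are hypothetical names, and treating leftover non-PEM bytes as the strict rejection condition is an assumption. The tolerant mode accepts comments but still fails closed when a BEGIN marker does not yield a certificate.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

var errPEM = fmt.Errorf("failed to parse certificate PEM")

// parseBundle returns the certificates in a PEM bundle. With strict set, bytes left
// after the last block are an error; otherwise they are treated as comment text.
func parseBundle(data []byte, strict bool) ([]*x509.Certificate, error) {
	var certs []*x509.Certificate
	markers := bytes.Count(data, []byte("-----BEGIN "))
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil || block.Type != "CERTIFICATE" {
			return nil, errPEM
		}
		certs, data = append(certs, cert), rest
	}
	// data now holds whatever follows the last decoded block; a BEGIN marker
	// that produced no certificate (truncated block) is rejected in both modes.
	if len(certs) == 0 || len(certs) != markers || (strict && len(data) > 0) {
		return nil, errPEM
	}
	return certs, nil
}

// sampleBundle wraps a throwaway self-signed certificate in comment text (constructed data).
func sampleBundle(head, tail string) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return []byte(head + string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})) + tail)
}

func main() {
	_, err := parseBundle(sampleBundle("# example-ca\n", "# end of bundle\n"), true)
	fmt.Println("strict:", err)
}
```

`pem.Decode` skips text that precedes a BEGIN line, so in a loop of this shape it is text after the last certificate that trips the strict check.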