OpenShift Request For Enhancement / RFE-5237

Pipeline Results should auto-generate TLS certificate


    • Feature Request
    • Resolution: Unresolved
    • Pipelines

      1. Proposed title of this feature request

      Pipeline Results should auto-generate TLS certificate

      2. What is the nature and description of the request?

      Following the docs for installing Pipeline Results, there is a step where the user is expected to create a TLS certificate that is used for the results service. This step is manual and requires the user to generate the certificate using TLS and manage certificate rotation as per the docs here:

      https://docs.openshift.com/pipelines/1.14/records/using-tekton-results-for-openshift-pipelines-observability.html#results-cert_using-tekton-results-for-openshift-pipelines-observability

      Rather than have this user do this manually, the operator IMHO should create the service for Tekton Results so that it is annotated for a serving service certificate. This will cause OpenShift to automatically generate and manage a certificate using its internal CA and create a corresponding TLS secret. This process is documented here:

      https://docs.openshift.com/container-platform/4.14/security/certificates/service-serving-certificate.html

      3. Why does the customer need this? (List the business requirements here)

      Simplifies the installation by removing a manual step and the user no longer needs to manage certificate rotation.

      Note it could make sense to have the user create the TLS secret if Results was being exposed outside the cluster via a Route but this is not the case. I think exposing Results publicly would likely be problematic from a security point of view but not 100% sure on that.

      4. List any affected packages or components.

      OpenShift Pipelines Results

            ssadeghi@redhat.com Siamak Sadeghianfar
            gnunn@redhat.com Gerald Nunn
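The service serving certificate mechanism the request refers to, sketched as manifests. This is an added example, not part of the original request and not the operator's actual manifests; the service name, namespace, secret name, selector label, port and ConfigMap name are assumptions chosen for illustration.

```yaml
# Added illustration; names, namespace, label and port are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: tekton-results-api-service        # assumed service name
  namespace: openshift-pipelines          # assumed namespace
  annotations:
    # Asks the OpenShift service CA to issue a certificate for
    # <service>.<namespace>.svc and store it in the named Secret
    # (type kubernetes.io/tls, keys tls.crt and tls.key).
    service.beta.openshift.io/serving-cert-secret-name: tekton-results-tls
spec:
  selector:
    app.kubernetes.io/name: tekton-results-api   # assumed pod label
  ports:
    - name: api
      port: 8080                          # assumed port
      targetPort: 8080
---
# In-cluster clients need the service CA bundle to verify that certificate.
apiVersion: v1
kind: ConfigMap
metadata:
  name: tekton-results-service-ca         # hypothetical name
  namespace: openshift-pipelines
  annotations:
    # The service CA operator writes the bundle into data["service-ca.crt"].
    service.beta.openshift.io/inject-cabundle: "true"
```

The issued certificate chains to the cluster's internal service CA, so it is verifiable only by clients that mount that CA bundle, which fits a service that is not exposed through a Route. A workload that reads the key pair once at startup has to reload or restart to pick up a rotated certificate.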