Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-8956

ACS CA certificate should be automatically trusted by OpenShift

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • None
    • rhacs
    • None
    • None
    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      USER PROBLEM
      Since ACS is an official Red Hat operator, OpenShift should automatically trust Central CA certificate. This would be useful whenever an OCP component needs to connect to central. Example: in this Prometheus configuration [0] to access custom metrics, I had to manually trust ca certificate, with all the disadvantages that come with it (more complicated configurations, certificate expiration management, ...)

      [0] https://access.redhat.com/solutions/7139236

      CONDITIONS
      Always.

      ROOT CAUSE
      Central CA certificate is not in OCP trust bundle.

      FIX
      The only workaround at the moment is to manually trust Central CA certificate for each component connecting to ACS.

              saledort@redhat.com Sabina Aledort
              rhn-support-dcommiss Domenico Commisso
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                None
                None