Uploaded image for project: 'Knative Serving'
  1. Knative Serving
  2. SRVKS-955

Allow openshift-serverless to use the custom certificate name for Kourier Gateway

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.25.0
    • None
    • None
    • None

      Currently serverless operator assumes that "router-certs-default" secret is deployed in "openshift-ingress" as:

      • openshift-knative-operator/pkg/serving/kourier.go 
                if ks.GetSpec().GetConfig()[networkCMName][InternalEncryptionKey] != "" {
                envVars = append(envVars,
                        corev1.EnvVar{Name: "CERTS_SECRET_NAMESPACE", Value: "openshift-ingress"},
                        corev1.EnvVar{Name: "CERTS_SECRET_NAME", Value: "router-certs-default"})
        }

      But the secret name is configurable as:

      apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: default
  namespace: openshift-ingress-operator
spec:
  replicas: 2
  defaultCertificate:
    name: {{ cluster_name }}

      So,

      • we need to allow users to change the secret name.
        OR
      • get the secret name via IngressController CR by reading it.

              rhn-support-knakayam Kenjiro Nakayama (Inactive)
              rhn-support-knakayam Kenjiro Nakayama (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: