  1. OpenShift Storage
  2. STOR-2884

Stop generating self-signed certificates for OLM-based operators

    • Type: Story
    • Resolution: Unresolved
    • Priority: Critical
    • Sprint: Storage Sprint 283

      All our OLM-based operators generate their own self-signed TLS certificates for their metrics endpoint. We should use certificates generated by service-ca-operator.

       List of the operators:

      • aws-efs-csi-driver-operator
      • smb-csi-driver-operator
      • secrets-store-csi-driver-operator
      • gcp-filestore-csi-driver-operator

      Proof for the first three of them:

      $ oc logs -n openshift-cluster-csi-drivers aws-efs-csi-driver-operator-55c4977967-msp9g |grep -E "Using insecure, self-signed certificates|Using service-serving-cert provided certificates"
      W0201 00:11:56.959856       1 cmd.go:257] Using insecure, self-signed certificates
      
      $ oc logs -n openshift-cluster-csi-drivers smb-csi-driver-operator-6d4fdc54cc-nskpn |grep -E "Using insecure, self-signed certificates|Using service-serving-cert provided certificates"
      W0201 00:52:10.887763       1 cmd.go:257] Using insecure, self-signed certificates
      
      $ oc logs -n openshift-cluster-csi-drivers secrets-store-csi-driver-operator-77c8fb7bf5-mlxkw |grep -E "Using insecure, self-signed certificates|Using service-serving-cert provided certificates"
      W0201 02:09:00.376700       1 cmd.go:257] Using insecure, self-signed certificates
      

      And for the last one, see how the operator deployment is defined in gcp-filestore-csi-driver-operator.clusterserviceversion.yaml.
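
The log check above, generalized into a reusable audit, as an added example that is not part of the original issue. `classify_cert_mode` and `audit_namespace` are hypothetical helper names, the `-operator-` pod-name filter is an assumption based on the pod names shown above, and the sample log lines at the end are constructed.

```shell
#!/bin/sh
# Added example (not from the issue): classify an operator's metrics-serving
# certificate mode from its log text, using the two messages grepped above.
SELF_SIGNED='Using insecure, self-signed certificates'
SERVICE_CA='Using service-serving-cert provided certificates'

# Reads log text on stdin; prints self-signed, service-ca or unknown.
# The last matching line wins, so a log holding both messages is
# classified by its most recent state, not by the first line seen.
classify_cert_mode() {
  last=$(grep -E "$SELF_SIGNED|$SERVICE_CA" | tail -n 1) || true
  case "$last" in
    *"$SELF_SIGNED"*) echo self-signed ;;
    *"$SERVICE_CA"*)  echo service-ca ;;
    *)                echo unknown ;;
  esac
}

# Audits the operator pods of one namespace; needs a logged-in `oc`.
# Assumption: operator pod names contain "-operator-", as in the issue.
# Returns 1 if any pod still serves a self-signed certificate.
audit_namespace() {
  ns=$1
  rc=0
  for pod in $(oc get pods -n "$ns" -o name | grep -e '-operator-'); do
    mode=$(oc logs -n "$ns" "$pod" --all-containers | classify_cert_mode)
    printf '%s\t%s\n' "$mode" "$pod"
    if [ "$mode" = self-signed ]; then rc=1; fi
  done
  return "$rc"
}

# Constructed sample: an older self-signed line followed by a later
# service-ca line (timestamps and the second line number are made up).
printf '%s\n' \
  'W0201 00:11:56.959856       1 cmd.go:257] Using insecure, self-signed certificates' \
  'I0201 00:12:30.000000       1 cmd.go:000] Using service-serving-cert provided certificates' \
  | classify_cert_mode
```

On a cluster, `audit_namespace openshift-cluster-csi-drivers` prints one line per operator pod and exits non-zero while any of them is still self-signed, which makes it usable as a CI gate for this story.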

              rhn-engineering-jsafrane Jan Safranek
              rh-ee-mpatlaso Maxim Patlasov