-
Story
-
Resolution: Done
-
Normal
-
None
-
Strategic Product Work
-
5
-
False
-
None
-
False
-
OCPSTRAT-292 - Support cluster-wide proxy on Windows Containers
-
-
-
WINC - Sprint 241
This story covers updating the local trust store of all Windows instances with the certs present in the trusted-ca ConfigMap. All certs that are not already present have to be imported and services must be able to load in the new certs (instance reboot required).
Engineering Details
WICD will do the cert imports, reading from the trust bundle file created by WMCO on each instance. WICD should compare the existing system certs with the expected ones in the trust bundle, and only initiate an instance reboot if it updated the cert config.
Acceptance Criteria
- Windows nodes are configured to import user-provided CA certs
- When proxy certificates are changed/rotated, the system cert store on each Windows nodes' is updated to hold each cert listed in the new trusted bundle
- blocks
-
WINC-688 Clear proxy certs from Windows nodes during deconfiguration
- Closed
- is blocked by
-
WINC-633 Copy additional CA cert bundle to Windows instances
- Closed
- links to
-
RHSA-2023:110725 Red Hat OpenShift support for Windows Containers 9.0.0 security update
- mentioned on