Uploaded image for project: 'OpenShift Windows Containers'
  1. OpenShift Windows Containers
  2. WINC-633

Copy additional CA cert bundle to Windows instances

    XMLWordPrintable

Details

    • Story
    • Resolution: Done
    • Normal
    • WMCO 9.0.0
    • None
    • wmco
    • 3
    • False
    • False
    • OCPSTRAT-292 - Support cluster-wide proxy on Windows Containers
    • Undefined
    • WINC - Sprint 239, WINC - Sprint 240

    Description

      Cluster admins can provide custom certificates that are required to communicate through their man-in-the-middle egress proxy. These user-provided certs need to be imported onto Windows nodes so they can become fully proxy aware. This story is the first step in support custom CA certificates for cluster-wide proxy.

      Description

      This story covers copying over the trusted CA bundle containing all the additional certs onto each Windows instance. The trust bundle must be kept up to date with the data present in the trusted-ca ConfigMap. 

      Acceptance Criteria

      • when a cluster wide proxy is in use, the cert bundle exists in a file on each Windows node
      • When proxy certificates are changed/rotated, the cert bundle file on each Windows node is updated with the new cert bundle

      Attachments

        Issue Links

          blocks

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WINC-1090 Import custom CA certificates into Windows node system store

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is blocked by

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WINC-637 Set cluster-wide proxy environment variables on Windows instance

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WINC-999 WMCO manages new trusted CA ConfigMap

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is related to

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. WINC-687 Update node certs on the Windows nodes when they are rotated

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is triggered by

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OCPPLAN-7692 Setting proxy for windows node

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/windows-machine-config-operator#1711: WINC-633: Copy additional CA bundle to Windows instances

          Web Link RHBA-2023:110725 Red Hat OpenShift support for Windows Containers 9.0.0 product release

          mentioned on

          GitLab Merge request - Updated US source to: e9637c8 Merge pull request #1711 from saifshaikh48/copy-ca-bundle

          Activity

            People

              mohashai Mohammad Shaikh
              mohashai Mohammad Shaikh
              Votes:
              3 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: