Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundunt self-signed-cert secret #15810

Closed
mmorhun opened this issue Jan 24, 2020 · 4 comments
Closed

Remove redundunt self-signed-cert secret #15810

mmorhun opened this issue Jan 24, 2020 · 4 comments
Assignees
@mmorhun
Labels
area/che-server area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.10

Comments

@mmorhun
Copy link
Contributor

mmorhun commented Jan 24, 2020

Is your task related to a problem? Please describe.

For now, in case of using self-signed certificate user must provide precreated one.
But internally we use che-tls secret for securing routes and also use self-signed-cert for propagating CA certificate to Che components to trust the self-signed certificate. This is redundant and we can use only one secret che-tls which must have ca.crt field in case of self-signed certificate.

Describe the solution you'd like

Remove self-signed-cert secret and use che-tls instead. In case of manually generated by a user self-signed certificate and putting precreated secret, we should require ca.crt field in it.

Additional context

Cert Manager puts ca.crt in its secrets automatically.
@mmorhun mmorhun added kind/task Internal things, technical debt, and to-do tasks to be performed. area/chectl Issues related to chectl, the CLI of Che area/che-server labels Jan 24, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jan 24, 2020
@tolusha
Copy link
Contributor

tolusha commented Jan 24, 2020
edited
Loading

@mmorhun
How is important this task is for TLS by default?
Is it something we can fix by ourselves?

@tolusha tolusha added status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jan 24, 2020
@mmorhun
Copy link
Contributor Author

mmorhun commented Jan 24, 2020

@tolusha I found this problem while I was working on #15313. This issue doesn't block TLS by default but brings need for additional effort in implementation. Also may ran into it later, so I would like to resolve it to have code clean and clear to understand.

@tolusha tolusha added severity/P2 Has a minor but important impact to the usage or development of the system. team/platform and removed status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. labels Jan 24, 2020
@mmorhun
Copy link
Contributor Author

mmorhun commented Jan 24, 2020

I think, I will handle this issue now, because the cost for workaround roughly equal to the cost of the fix...

@mmorhun mmorhun self-assigned this Jan 24, 2020
@tolusha tolusha added this to the Backlog - Deploy milestone Jan 24, 2020
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. severity/P2 Has a minor but important impact to the usage or development of the system. sprint/current and removed severity/P2 Has a minor but important impact to the usage or development of the system. severity/P1 Has a major impact to usage or development of the system. sprint/next labels Jan 24, 2020
@tolusha tolusha mentioned this issue Jan 27, 2020
Closed
35 tasks
@mmorhun mmorhun mentioned this issue Jan 30, 2020
Merged
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. and removed sprint/current severity/P2 Has a minor but important impact to the usage or development of the system. labels Feb 14, 2020
@tolusha tolusha mentioned this issue Feb 17, 2020
Closed
46 tasks
@tolusha tolusha removed this from the Backlog - Deploy milestone Feb 17, 2020
@mmorhun
Copy link
Contributor Author

mmorhun commented Feb 26, 2020

Done

@mmorhun mmorhun closed this as completed Feb 26, 2020
@tolusha tolusha added this to the 7.10.0 milestone Feb 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmorhun mmorhun

Labels
area/che-server area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.10
Development

No branches or pull requests
3 participants
@tolusha @mmorhun @che-bot