Implement additional CA bundle propagation for non-OpenShift 4 infrastructures #17634

Closed
Tracked by #17825
mmorhun opened this issue Aug 13, 2020 · 3 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/enhancement A feature request - must adhere to the feature request template. severity/P2 Has a minor but important impact to the usage or development of the system.

mmorhun commented Aug 13, 2020

Is your enhancement related to a problem? Please describe.

As of now, the cluster CA bundle might be propagated to Che components only on OpenShift 4 infrastructure.
This should also be supported on Kubernetes and OpenShift 3.

Describe the solution you'd like

In the case of OpenShift 4 (only), it is possible to request from the OpenShift cluster a config map with the CA bundle, which is then propagated to Che components by Che. In the case of other platforms, we may require the configmap from a user (Che admin) instead of requesting it from the cluster. However, please note that the CA bundle provided by the OpenShift cluster contains many certs, including commonly trusted ones. And I do not think that it makes sense to request them all when the config map is created manually. So here we have to merge (not replace) this configmap's certs with the Che components' trust stores (this is done in most, if not all, cases).

Additional context

This is relevant if, for some reason, some endpoints are secured by other CA certificates. For example: an external SSO, a proxy with SSL Bump, a resource (a project as a zip file) served outside the cluster, or inside the cluster but with a custom TLS certificate, and so on...
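
The merge-not-replace behaviour requested above, sketched as an added example (not part of the original issue and not Che's own code): certificates from an admin-supplied bundle are appended to an existing trust bundle, deduplicated by SHA-256 of the DER bytes, and malformed blocks are rejected. The function names and the sample blocks are assumptions; the samples are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)

def pem_blocks(bundle):
    """Return the DER bytes of every certificate block in a PEM bundle."""
    ders = []
    for match in PEM_CERT.finditer(bundle):
        # validate=True rejects stray characters instead of skipping them.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
        if not der or der[0] != 0x30:  # a DER certificate starts with SEQUENCE
            raise ValueError("PEM block does not contain a DER SEQUENCE")
        ders.append(der)
    return ders

def to_pem(der):
    """Encode DER bytes as one PEM block with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def merge_bundles(existing, additional):
    """Append certificates from `additional` that `existing` lacks.

    Returns (merged PEM text, number added). Entries already trusted are
    kept in order, so commonly trusted CAs survive the merge.
    """
    merged = {}
    for der in pem_blocks(existing):
        merged.setdefault(hashlib.sha256(der).digest(), der)
    base = len(merged)
    for der in pem_blocks(additional):
        merged.setdefault(hashlib.sha256(der).digest(), der)
    return "".join(to_pem(d) for d in merged.values()), len(merged) - base

def sample_cert(label):
    # Constructed placeholder: DER SEQUENCE header plus filler, not a real cert.
    return to_pem(b"\x30" + bytes([len(label)]) + label)

PUBLIC_CA = sample_cert(b"constructed public root")       # stands in for the default store
CORP_CA = sample_cert(b"constructed corporate proxy CA")  # stands in for the admin's bundle

if __name__ == "__main__":
    pem, added = merge_bundles(PUBLIC_CA, CORP_CA + PUBLIC_CA)
    print(f"added {added} certificate(s); bundle now has {len(pem_blocks(pem))}")
```
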

@mmorhun mmorhun added the kind/enhancement A feature request - must adhere to the feature request template. label Aug 13, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Aug 13, 2020
@rkratky rkratky changed the title Implement additional CA bundle propogation for non Openshift 4 infrastructures Implement additional CA bundle propogation for non-OpenShift 4 infrastructures Aug 16, 2020
@rkratky rkratky added area/install Issues related to installation, including offline/air gap and initial setup and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Aug 16, 2020
@tolusha tolusha removed their assignment Aug 17, 2020
@tolusha tolusha added the severity/P2 Has a minor but important impact to the usage or development of the system. label Aug 17, 2020
@tolusha tolusha mentioned this issue Oct 7, 2020
50 tasks
@tolusha tolusha mentioned this issue Oct 26, 2020
46 tasks
@tolusha tolusha added this to the 7.22 milestone Oct 26, 2020

tolusha commented Nov 4, 2020

Changes need to be ported into the master branch before starting work on the issue
#18264


mmorhun commented Nov 6, 2020

Looks like the changes are already ported.


mmorhun commented Nov 30, 2020

done
