-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ensure we use certificates of the OpenShift Ingress even if self-signed-certificate
secret isn't created
#17826
Labels
area/che-operator
Issues and PRs related to Eclipse Che Kubernetes Operator
kind/task
Internal things, technical debt, and to-do tasks to be performed.
severity/P1
Has a major impact to usage or development of the system.
Comments
tolusha
added
kind/task
Internal things, technical debt, and to-do tasks to be performed.
area/che-operator
Issues and PRs related to Eclipse Che Kubernetes Operator
severity/P1
Has a major impact to usage or development of the system.
labels
Sep 10, 2020
tolusha
changed the title
Ensure certificate chain of trust is stored into
Ensure we don't miss certificate chain of trust even if Sep 10, 2020
ca-certs
config map self-signed-certificate
secret isn't created
tolusha
changed the title
Ensure we don't miss certificate chain of trust even if
Ensure we don't miss certificates of the OpenShift Ingress if Sep 23, 2020
self-signed-certificate
secret isn't createdself-signed-certificate
secret isn't created
The workaround:
|
tolusha
changed the title
Ensure we don't miss certificates of the OpenShift Ingress if
Ensure we use certificates of the OpenShift Ingress if Sep 23, 2020
self-signed-certificate
secret isn't createdself-signed-certificate
secret isn't created
tolusha
changed the title
Ensure we use certificates of the OpenShift Ingress if
Ensure we use certificates of the OpenShift Ingress even if Sep 23, 2020
self-signed-certificate
secret isn't createdself-signed-certificate
secret isn't created
Since Theia requires complete certificate chain of trust [1] there is no benefits in this issue anymore. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
area/che-operator
Issues and PRs related to Eclipse Che Kubernetes Operator
kind/task
Internal things, technical debt, and to-do tasks to be performed.
severity/P1
Has a major impact to usage or development of the system.
Is your task related to a problem? Please describe.
For the time being operator analyze the certificate chain of trust of the OpenShift Ingess and tries to guess if self-signed certificate is used. In the most cases it works fine. But if root CA is absent in the chain then
self-signed-certificate
secret won't be created and communication between che components might fail.Describe the solution you'd like
Put certificate chain of trust of the OpenShift Ingess into
ca-certs
configmap when self-signed certificate is not detected.Additional context
Is related to: #17825
Depends on #17938
The text was updated successfully, but these errors were encountered: