Skip to content
This repository has been archived by the owner on Jan 12, 2023. It is now read-only.

Bug 1977657 - Concatenate Service Signing CA to global CA bundle #680

Merged
1 commit merged into from Jul 2, 2021
Merged

Bug 1977657 - Concatenate Service Signing CA to global CA bundle #680

1 commit merged into from Jul 2, 2021

Conversation

ghost
Copy link

@ghost ghost commented Jul 2, 2021
edited by ghost

In OpenShift 4.8, the service-ca.crt file contains only one CA certificate, the one for Service Serving Certificates, and this breaks the ability for NodeJS to verify Kubernetes API certificate. Previously, all the internal CA certificates were present in service-ca.crt. Now, they are only present in ca.crt.

This pull request creates an entrypoint script that concatenates the service-ca.crt to the ca.crt bundle, if it exists. A parallel pull request, kubev2v/forklift-operator#131, changes the NODE_EXTRA_CA_CERTS environment variable of the UI container to point to ca.crt, so that it uses the CA bundle with all the internal CAs and the Service Service CA.

@ghost ghost requested a review from fbladilo July 2, 2021 15:43
@ghost ghost self-assigned this Jul 2, 2021
@ghost ghost self-requested a review July 2, 2021 15:43
@sonarcloud
Copy link

sonarcloud bot commented Jul 2, 2021

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@ghost ghost mentioned this pull request Jul 2, 2021
Merged
@konveyor-preview-bot
Copy link

🚀 Deployed Preview: http://konveyor-forklift-ui-pr-680-preview.surge.sh

Compare with current main branch: http://konveyor-forklift-ui-preview.surge.sh

fbladilo
fbladilo approved these changes Jul 2, 2021
View reviewed changes
Copy link
Collaborator

@fbladilo fbladilo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM , glad this one turned to be not so complicated.

@ghost ghost merged commit 86e6887 into kubev2v:main Jul 2, 2021
mturley pushed a commit to mturley/forklift-ui that referenced this pull request Jul 2, 2021
@fabiendupont @mturley
Bug 1977657 - Concatenate Service Signing CA to global CA bundle (kub…
a9ec969 
…ev2v#680)
@mturley mturley mentioned this pull request Jul 2, 2021
Merged
ghost pushed a commit that referenced this pull request Jul 2, 2021
@mturley @fabiendupont
[Backport] CA bundle fixes (#680, #681, #682) (#683)
68f6f6a 
* Bug 1977657 - Concatenate Service Signing CA to global CA bundle (#680)
* Bug 1977657 - Put CA bundle in a writeable folder (#681)
* Bug 1977657 - Fix typo in CA bundle file path (#682)

Co-authored-by: Fabien Dupont <fdupont@redhat.com>
This pull request was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@konveyor-preview-bot @fbladilo @fabiendupont