Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cmd/openshift-install/create: Drop addRouterCAToClusterCA #1541

Closed
wants to merge 1 commit into from
Closed

cmd/openshift-install/create: Drop addRouterCAToClusterCA #1541

wants to merge 1 commit into from

Commits on Apr 5, 2019

  1. cmd/openshift-install/create: Drop addRouterCAToClusterCA 

    This was added in 4033577 (Append router CA to cluster CA in
kubeconfig, 2019-02-12, openshift#1242), where the motivation was [1]:

  With users created with an identity-provider, OAuth flow goes
  through router and router-ca is not trusted. This prohibits the user
  from using oc login from command line, without manually appending
  the router ca to the cluster ca. The openshift-ingress-operator
  creates the router-CA and this is not available until the very end
  of an install.

  This PR adds the router CA from configmap router-ca -n
  openshift-config-managed to the kubeconfig
  certificate-authority-data. This allows an identity-provided user to
  oc login from the terminal.

But the admin kubeconfig is already authenticated, so folks shouldn't
be using 'oc login' with that kubeconfig.  For example, see dee6929
(Modify kubeadmin usage message, admins should not use kubeadmin via
CLI, 2019-04-01, openshift#1513).  That leaves us with no use case for this
modification, and making the finish code watch-only sets us up to
rename away from the user-provided-infrastructure subcommand.

[1]: openshift#1242 (comment)
    @wking
    wking committed Apr 5, 2019
    Configuration menu
    Copy the full SHA
    cf174c4 View commit details
    Browse the repository at this point in the history