-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[enterprise-4.6] Issue in file service_mesh/v2x/ossm-security.adoc #27619
Comments
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Hi @nicop311 - does this apply to 4.6 only, or to subsequent versions as well? |
@jeana-redhat, there were quite a few changes in 4.6, but it should be the same for subsequent versions. |
thanks, Julie! |
Hi, there might be a wrong path for the location of the certificates when "Adding an external certificate authority key and certificate".
Suggestion: Replace
/etc/certs/root-cert.pem
by/var/run/secrets/istio/root-cert.pem
in the doc.Which section(s) is the issue in?
What needs fixing?
The path of the volume where the
root-cert.pem
certificate is stored on theistio-proxy
containers of the Bookinfo application seems to be wrong.In the doc (as of 2020-11-24), we can see that the path is
/etc/certs/root-cert.pem
. However in my OpenShift 4.6 testbed, the path is/var/run/secrets/istio/root-cert.pem
.The path
/var/run/secrets/istio/root-cert.pem
is configured in the following file: on aistio-proxy
(envoy) container/etc/istio/proxy/envoy-rev0.json
.My testbed software version
Red Hat OpenShift
$ oc version # result Client Version: 4.6.4 Server Version: 4.6.4 Kubernetes Version: v1.19.0+9f84db3
Red Hat Service Mesh, Maistra
Bookinfo: I take the example from Maistra Github, with no modification.
The text was updated successfully, but these errors were encountered: