@estroz estroz commented Mar 26, 2021

Description of the change:

  • internal/olm/operator/registry: add --ca-secret-name to accept the name of a secret containing a root certificate file.

Motivation for the change: This PR adds --ca-secret-name so users attempting to run bundles hosted by a registry using a custom CA can configure the registry Pod's opm registry add command with the root cert file.

Closes #4650

/kind feature

Checklist

If the pull request includes user-facing changes, extra documentation is required:

@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 26, 2021

estroz commented Mar 26, 2021

This is blocked by an opm release following operator-framework/operator-registry#611 being merged.

Docs need to be updated. I'd also like to hear whether using a secret is preferable to a file directly. I prefer the former because the user invoking operator-sdk run bundle would need the ability to create Secrets, when the cluster admin should be provisioning that user's (service) account with the required secret.

/hold

@openshift-ci-robot openshift-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 26, 2021
@estroz estroz requested a review from jmrodri March 26, 2021 01:10
@estroz estroz force-pushed the feature/registry-pod-ca-file branch from 48c8183 to b0b9be9 Compare March 26, 2021 01:17

estroz commented Mar 26, 2021

/retest


estroz commented Mar 29, 2021

operator-framework/operator-registry#611 was merged and a new latest image tag published.

/hold cancel

@openshift-ci-robot openshift-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 29, 2021
@estroz estroz force-pushed the feature/registry-pod-ca-file branch from b0b9be9 to 4d236ef Compare March 29, 2021 22:49
bundles hosted by a registry using a custom CA can configure
the registry Pod's `opm registry add` command with the root cert file.

internal/olm/operator/registry: rename `--secret-name` to
`--pull-secret-name` to disambiguate new flag

docs/: consolidate private/custom CA registry configuration details
into an olm-integration doc

Signed-off-by: Eric Stroczynski <ericstroczynski@gmail.com>
@estroz estroz force-pushed the feature/registry-pod-ca-file branch from 4d236ef to 31cbc82 Compare March 29, 2021 22:54
@jmrodri jmrodri left a comment

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Apr 11, 2021
@estroz estroz merged commit 7e43b47 into operator-framework:master Apr 12, 2021
@estroz estroz deleted the feature/registry-pod-ca-file branch April 12, 2021 17:24
Successfully merging this pull request may close these issues.

operator-sdk run bundle cannot pull private bundle image