Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inject CA trust bundle into managed containers and set SSL_CERT_DIR #491

Merged
merged 1 commit into from
Jul 8, 2024
Merged

Inject CA trust bundle into managed containers and set SSL_CERT_DIR #491

merged 1 commit into from
Jul 8, 2024

Conversation

osmman
Copy link
Contributor

@osmman osmman commented Jul 3, 2024
edited
Loading

@openshift-ci openshift-ci bot requested review from bouskaJ and sallyom July 3, 2024 15:14
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jul 3, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: osmman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved label Jul 3, 2024
@osmman osmman force-pushed the trusted-ca-bundles branch from 1a2354b to 0738637 Compare July 3, 2024 16:33
@bouskaJ
Copy link
Collaborator

bouskaJ commented Jul 4, 2024

Can you create e2e test for this feature?

@bouskaJ
Copy link
Collaborator

bouskaJ commented Jul 4, 2024
edited
Loading

Can you create e2e test for this feature?

I mean can modify the CI to use keycloak (self signed) route instead of the insecure service https://github.com/securesign/secure-sign-operator/blob/main/.github/workflows/main.yml#L187 This should verify kuberoot CA injection AFIK

I am not sure how to test the annotation injection. But with that ^^ we will know that the volume is correctly mounted and the ENV property works fine

@osmman
Copy link
Contributor Author

osmman commented Jul 4, 2024

Can you create e2e test for this feature?

I mean can modify the CI to use keycloak (self signed) route instead of the insecure service https://github.com/securesign/secure-sign-operator/blob/main/.github/workflows/main.yml#L187 This should verify kuberoot CA injection AFIK

I am not sure how to test the annotation injection. But with that ^^ we will know that the volume is correctly mounted and the ENV property works fine

Yes, that will be good to modify Keycloack deployment on Kind cluster. I think Openshift CI uses self signed certificates if I remember correctly.

@bouskaJ
Copy link
Collaborator

bouskaJ commented Jul 8, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 8, 2024
@osmman
Copy link
Contributor Author

osmman commented Jul 8, 2024

/retest

@osmman osmman force-pushed the trusted-ca-bundles branch from 0738637 to 12d158a Compare July 8, 2024 10:07
@openshift-ci openshift-ci bot removed the lgtm label Jul 8, 2024
@bouskaJ
Copy link
Collaborator

bouskaJ commented Jul 8, 2024

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Jul 8, 2024
@osmman
Copy link
Contributor Author

osmman commented Jul 8, 2024

/test tas-operator-e2e

@openshift-merge-bot openshift-merge-bot bot merged commit a2acd1e into main Jul 8, 2024
13 checks passed
@osmman osmman deleted the trusted-ca-bundles branch July 16, 2024 09:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bouskaJ bouskaJ Awaiting requested review from bouskaJ

@sallyom sallyom Awaiting requested review from sallyom

Assignees

@bouskaJ bouskaJ

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@osmman @bouskaJ