STOR-2770: Stop generating self-signed certificates#662
STOR-2770: Stop generating self-signed certificates#662mpatlasov wants to merge 1 commit intoopenshift:mainfrom
Conversation
|
@mpatlasov: This pull request references STOR-2770 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
added
the
jira/valid-reference
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mpatlasov The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
mpatlasov
force-pushed
the
STOR-2770-Stop-generating-self-signed-certificates
branch
from
8482eec to
9ab6e2c
Compare
|
@mpatlasov: This pull request references STOR-2770 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
Before this commit the following operators generated self-signed certificates: * aws-ebs-csi-driver-operator * azure-disk-csi-driver-operator * azure-file-csi-driver-operator * gcp-pd-csi-driver-operator * openstack-cinder-csi-driver-operator * manila-csi-driver-operator * ibm-vpc-block * powervs-block This commit add new Service object for each of them with special annotation which ask service-ca-operator to create certificates for us. Also, this commit ensures the operator's Pods mount those certificates to well-known path (`/var/run/secrets/serving-cert`). There is also a cosmetic change for `vmware-vsphere-csi-driver-operator`: remove `optional: true` for `vmware-vsphere-csi-driver-operator-metrics-serving-cert`. This must ensure that this operator will always wait for Secret containing certificates.
mpatlasov
force-pushed
the
STOR-2770-Stop-generating-self-signed-certificates
branch
from
9ab6e2c to
bf9b502
Compare
|
@mpatlasov: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
2 participants
Before this commit the following operators generated self-signed certificates:
This commit add new Service object for each of them with special annotation which ask service-ca-operator to create certificates for us. Also, this commit ensures the operator's Pods mount those certificates to well-known path (
/var/run/secrets/serving-cert).There is also a cosmetic change for
vmware-vsphere-csi-driver-operator: removeoptional: trueforvmware-vsphere-csi-driver-operator-metrics-serving-cert. This must ensure that this operator will always wait for Secret containing certificates.