New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to define trusted TLS certs for the componentRoutes on the management cluster #3378
Comments
here is an extract from the CRD i mention for reference:
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
there doesnt seem to be any documentation about how to setup hostedclusters with valid certificates for all the endpoints
we have been able to get valid certs for the hostedclusters API and the routes served inside the hostedcluster (such as console) but for the
componentRoutes
on the parent cluster we are strugglingin the hostedcluster CRD it mentions that specifying
spec.configuration.ingress.componentRoutes.servingCertKeyPairSecret.name
pointing to a certificate in theopenshift-config
namespace is the way to do it but doing so like:results in the hosted cluster failing to deploy with error:
failed to get referenced secret c-shift/cluster-certificate: Secret "cluster-certificate" not found
if we copy the secret to the
c-shift
namespace the hostedcluster does come up successfully but when users of the hostedcluster are redirected to theoauth
route (which is hosted on the management cluster and runs inpassthrough
mode the cert is always the auto generated selfsigned cert and is untrustedThe text was updated successfully, but these errors were encountered: