Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use different secrets for TLS and self-signed-cert #14176

Merged
merged 1 commit into from
Aug 12, 2019
Merged

Use different secrets for TLS and self-signed-cert #14176

merged 1 commit into from
Aug 12, 2019

Conversation

sleshchenko
Copy link
Member

What does this PR do?

It's like a best practice to generate CA certificate, propagate it to clients to configure their trust stores.
And generate another non-CA certificate based on CA for establishing https connection.
See https://wiki.mozilla.org/SecurityEngineering/x509Certs
https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
So, this PR adds an ability to configure TLS cert for ingresses and CA cert for trust stores separately.

What issues does this PR fix or reference?

#14035

Release Notes

N/A

Docs PR

N/A

@sleshchenko sleshchenko self-assigned this Aug 9, 2019
@che-bot
Copy link
Contributor

che-bot commented Aug 9, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@che-bot che-bot added status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. kind/task Internal things, technical debt, and to-do tasks to be performed. labels Aug 9, 2019
This was referenced Aug 9, 2019
Merged
Closed
@dmytro-ndp
Copy link
Contributor

@sleshchenko: PR check has been failed because it uses Jenkinsfile now, which has been merged in master tonight. So, it requires to take changes from master.

@sleshchenko
Use different secrets for TLS and self-signed-cert
7c7128a 
Signed-off-by: Sergii Leshchenko <sleshche@redhat.com>
@sleshchenko
Copy link
Member Author

@dmytro-ndp Thanks for notifying me, rebased against master.

@che-bot
Copy link
Contributor

che-bot commented Aug 9, 2019

E2E Happy path tests of Eclipse Che Single User on K8S (minikube v1.1.1) has failed:

@benoitf
Copy link
Contributor

benoitf commented Aug 12, 2019

removing do-not-merge as target is fine with 7.0.0

@benoitf benoitf added this to the 7.0.0 milestone Aug 12, 2019
@sleshchenko sleshchenko merged commit f24796b into eclipse-che:master Aug 12, 2019
@sleshchenko sleshchenko deleted the helmSelfSignedCert branch August 12, 2019 10:02
@che-bot che-bot removed the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Aug 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benoitf benoitf benoitf approved these changes

@l0rd l0rd Awaiting requested review from l0rd

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

Assignees

@sleshchenko sleshchenko

Labels
kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.
4 participants
@sleshchenko @che-bot @dmytro-ndp @benoitf