3. What is the nature and description of the request?
Currently it is required for every route to specify the DestinationCACertificate of the service. This certificate is the same for all containers based on the same image. Can we switch off the validation of the DestinationCACertificate? Or can we avoid having to give this certificate to every user when creating routes?
4. Why does the customer need this? (List the business requirements here)
- We want to use the Re-Encrypt method for TLS.
- In our POD we have an Appserver with a certificate from a private CA
- We don’t want to include the private CA certificate in each route
5. How would the customer like to achieve this? (List the functional requirements here)
- We either need to trust this CA in general
- Or we need to ignore the SSL validation
6. For each functional requirement listed in question 5, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
- Create https service in POD with SSL and certificate issued by a private CA
- Configure Route in OpenShift to this service without specifying a destination CA
- Expected result: No error during route creation, Route is working (i.e. service is accessible via route)
7. Is there already an existing RFE upstream or in Red Hat bugzilla?
8. Does the customer have any specific timeline dependencies?
9. Is the sales team involved in this request and do they have any additional input?
- Yes: Wolfram Richter
10. List any affected packages or components.
- OpenShift 3.2
11. Would the customer be able to assist in testing this functionality if implemented?
PR https://github.com/openshift/origin/pull/13752 was merged (for 3.6) to allow the destination CA cert to be omitted. The use case is to support cluster-signed service certificates.
Does that satisfy the use-case?
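The setup that comment refers to, as an added example that is not part of the original comment or the linked PR: a service that requests a cluster-signed serving certificate, and a re-encrypt route that omits the destination CA. The names `appserver` and `appserver-tls` and port 8443 are assumptions made for illustration.

```yaml
# Constructed example; all object names and the port are hypothetical.
apiVersion: v1
kind: Service
metadata:
  name: appserver
  annotations:
    # Ask the cluster's service signer to issue a serving certificate
    # (tls.crt / tls.key) into the named secret. The pod must mount this
    # secret and serve TLS with it instead of the private-CA certificate.
    service.alpha.openshift.io/serving-cert-secret-name: appserver-tls
spec:
  selector:
    app: appserver
  ports:
  - name: https
    port: 8443
    targetPort: 8443
---
apiVersion: v1
kind: Route
metadata:
  name: appserver
spec:
  to:
    kind: Service
    name: appserver
  port:
    targetPort: https
  tls:
    termination: reencrypt
    # destinationCACertificate is intentionally omitted. From 3.6 the
    # router then validates the backend against the cluster service CA,
    # so no per-route CA has to be handed to users.
```

Validation of the backend certificate stays enabled in this setup. A backend that keeps presenting a certificate from a different private CA still needs `destinationCACertificate` set on the route.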
This bug has been identified as a dated (created more than 3 months ago) bug.
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog,
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year.
As a result of this bug's age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Deferred,
as it is currently not part of the product's immediate priorities.
Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.