Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trust openshift signer #1461

Merged
merged 1 commit into from
Feb 28, 2023
Merged

Trust openshift signer #1461

merged 1 commit into from
Feb 28, 2023

Conversation

cniackz
Copy link
Contributor

@cniackz cniackz commented Feb 23, 2023
edited
Loading

Objective:

To trust OpenShift Signer and fix #1412

Explanation:

Currently, we are not trusting the signer and we can't initialize the tenant due to:

Failed to get cluster health: Get "https://minio.tenant-lite.svc.cluster.local/minio/health/cluster": x509: certificate signed by unknown authority

The solution is simple, Daniel found where to get the certificates with this line:

oc get secret csr-signer -n openshift-kube-controller-manager-operator -o template='{{ index .data "tls.crt"}}' | base64 -d

All we need to do is to add/implement that line in the code to append the certs and trust signer.

Testing:

  • It was tested in OpenShift Cluster. If you want to test this change you will need to download the crc solution from RedHat and compile, get the docker pushed and then you will see this working on this branch.

@cniackz cniackz mentioned this pull request Feb 23, 2023
Closed
@cniackz cniackz self-assigned this Feb 23, 2023
@cniackz cniackz force-pushed the trust-openshift-signer branch from d7eb149 to 97f50c5 Compare February 23, 2023 16:50
@cniackz cniackz requested review from bexsoft and reivaj05 February 28, 2023 01:02
@cniackz cniackz force-pushed the trust-openshift-signer branch from 97f50c5 to 713c768 Compare February 28, 2023 01:03
@cniackz
Copy link
Contributor Author

cniackz commented Feb 28, 2023

test-kes will be fixed at #1457

@dvaldivia dvaldivia merged commit 0e378c8 into master Feb 28, 2023
@dvaldivia dvaldivia deleted the trust-openshift-signer branch February 28, 2023 21:21
pjuarezd pushed a commit to pjuarezd/operator that referenced this pull request Mar 2, 2023
@cniackz @pjuarezd
Trust openshift signer (minio#1461)
34ec627
@pjuarezd pjuarezd mentioned this pull request Jul 17, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dvaldivia dvaldivia dvaldivia approved these changes

@pjuarezd pjuarezd pjuarezd approved these changes

@harshavardhana harshavardhana Awaiting requested review from harshavardhana

@bexsoft bexsoft Awaiting requested review from bexsoft

@reivaj05 reivaj05 Awaiting requested review from reivaj05

Assignees

@cniackz cniackz

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Operator cannot contact Tenant due to x509: certificate signed by unknown authority in OpenShift
3 participants
@cniackz @pjuarezd @dvaldivia