freeipa / freeipa-operator

EXPERIMENTAL kubernetes operator for FreeIPA

[bug] Subdomain hardcoded avoid operator deploy in different clusters #28

Closed avisiedo closed 3 years ago

avisiedo commented 3 years ago

Description

When an idm resource is created out of the permanent cluster, the endpoint for the route generated is using the permanent cluster subdomain hardcoded.

Steps to replay

  1. Provision a local cluster on the workstation and log in to the local OpenShift.

  2. Install the operator.

  3. Create an idm resource.

    make recreate-sample-idm

  4. Read the route created.

    oc get routes

  5. Accessing the route, when fixed, we will check the server certificate by:

    curl -k -I -vvv https://my-route 2>&1 | grep subject:

    Example:

    curl -k -I -vvv https://freeipa-operator.apps.permanent.idmocp.lab.eng.rdu2.redhat.com 2>&1 | grep subject:
    subject: O=APPS.PERMANENT.IDMOCP.LAB.ENG.RDU2.REDHAT.COM; CN=freeipa-operator.apps.permanent.idmocp.lab.eng.rdu2.redhat.com

Expected result

For the local cluster into the workstation, which is using the subdomain: mykube.karmalabs.com

The route is based into the cluster subdomain + namespace, so for the "default" namespace it would be:

default.apps.mykube.karmalabs.com

The subject for the certificate would be:

subject: O=APPS.MYKUBE.KARMALABS.COM; CN=default.apps.mykube.karmalabs.com

Current result

For the local cluster into the workstation with subdomain "mykube.karmalabs.com", I got:

The route is based into the cluster subdomain + namespace, so for the "default" namespace it would be:

default.apps.permanent.idmocp.lab.eng.rdu2.redhat.com

The subject for the certificate would be:

subject: O=APPS.PERMANENT.IDMOCP.LAB.ENG.RDU2.REDHAT.COM; CN=freeipa-operator.apps.permanent.idmocp.lab.eng.rdu2.redhat.com
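
The certificate check from step 5, automated as an added example (it is not part of the original issue or of the freeipa-operator code). The function names are hypothetical, and the subject line is assumed to have the `O=...; CN=...` layout shown in the report.

```bash
#!/usr/bin/env bash
# Added example: verify that the "subject:" line printed by
#   curl -k -I -vvv https://ROUTE 2>&1 | grep subject:
# matches the namespace and apps domain of the cluster under test.
# On OpenShift the apps domain can be read with (assumption about the setup):
#   oc get ingresses.config/cluster -o jsonpath='{.spec.domain}'

# subject_field LINE FIELD: print one field (O or CN) of a subject line,
# with or without curl's leading "*" marker.
subject_field() {
    printf '%s\n' "$1" | sed -e 's/^.*subject:[[:space:]]*//' | tr ';' '\n' |
        sed -n -e "s/^[[:space:]]*$2=//p" | sed -e 's/[[:space:]]*$//'
}

# check_route_subject LINE NAMESPACE APPS_DOMAIN
# Returns 0 when both O and CN belong to this cluster, 1 otherwise.
check_route_subject() {
    crs_rc=0
    crs_want_cn="$2.$3"
    crs_want_o=$(printf '%s' "$3" | tr '[:lower:]' '[:upper:]')
    crs_got_cn=$(subject_field "$1" CN)
    crs_got_o=$(subject_field "$1" O)

    if [ "$crs_got_cn" != "$crs_want_cn" ]; then
        echo "CN mismatch: got '$crs_got_cn', want '$crs_want_cn'"
        crs_rc=1
    fi
    if [ "$crs_got_o" != "$crs_want_o" ]; then
        echo "O mismatch: got '$crs_got_o', want '$crs_want_o'"
        crs_rc=1
    fi
    # A CN outside the apps domain means the host came from somewhere
    # other than this cluster's configuration, e.g. a hardcoded value.
    case "$crs_got_cn" in
        *".$3") ;;
        *) echo "CN is not under '$3'" ;;
    esac
    return "$crs_rc"
}

# Subject lines quoted in the issue, checked against the local cluster.
LOCAL_DOMAIN=apps.mykube.karmalabs.com
check_route_subject "subject: O=APPS.MYKUBE.KARMALABS.COM; CN=default.apps.mykube.karmalabs.com" \
    default "$LOCAL_DOMAIN" && echo "expected result: OK"
check_route_subject "subject: O=APPS.PERMANENT.IDMOCP.LAB.ENG.RDU2.REDHAT.COM; CN=freeipa-operator.apps.permanent.idmocp.lab.eng.rdu2.redhat.com" \
    default "$LOCAL_DOMAIN" || echo "current result: certificate belongs to another cluster"
```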

openshift-ci-robot commented 3 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: avisiedo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/freeipa/freeipa-operator/blob/master/OWNERS)~~ [avisiedo]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

avisiedo commented 3 years ago

/test

openshift-ci-robot commented 3 years ago

@avisiedo: The /test command needs one or more targets. The following commands are available to trigger jobs:

Use /test all to run all jobs.

In response to [this](https://github.com/freeipa/freeipa-operator/pull/28#issuecomment-830861079):

>/test

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

avisiedo commented 3 years ago

/test unit

avisiedo commented 3 years ago

/retest

avisiedo commented 3 years ago

/retest