noobaa / noobaa-operator

Operator for NooBaa - object data service for hybrid and multi cloud environments :cloud: :wrench:
https://www.noobaa.io
Apache License 2.0

Generate and mount certificates for the MCG STS service #1370

Closed Neon-White closed 5 months ago

Neon-White commented 5 months ago

Explain the changes

Up until now, the STS HTTPS server reused the certificate that was generated for the S3 service. This has led to a problem with OpenShift's internal HAProxy not letting requests through since it was set to verifyhost - which subsequently failed since the requests contained the cert for s3. instead of sts. This PR:

  1. Adds the necessary annotations to the STS service for certs to be generated
  2. Mounts the certs on the endpoint pod
  3. Removes unused S3 service certs that were mounted on the core pod

This PR is the other half of https://github.com/noobaa/noobaa-core/pull/8123

Issues: Fixed #xxx / Gap #xxx

  1. https://bugzilla.redhat.com/show_bug.cgi?id=2009627

Testing Instructions:

  1. Deploy NooBaa over OpenShift
  2. Try to use the STS route (not the service) for STS actions
  3. Make sure they work