As a SDP user I need to get the current ca.crt so that I can put it in external clients or e.g. OpenShift routes.
### Things to watch out
- [ ] The mechanism must work wit CA cert rotation. We e.g. need to return a list of certs that are not expired yet
- [ ] The mechanism is aligned with the Discovery 2.0. The reason is that Discovery 2.0 might include the ca cert for the stacklet as well. But even *if* so, this API might give all certs (see rotation above) and the discovery only the current one. However, this is speculation as Discovery 2.0 is not there yet
Workaround
Until this is implemented you can use one of the following workarounds:
Read the ca.crt from the referenced Secret in the SecretClass. Usually it is called secret-provisioner-tls-ca and is located either in the default or stackable-operators namespace.
There is a similar Issue for Pods: https://github.com/stackabletech/secret-operator/issues/320
As a SDP user I need to get the current ca.crt so that I can put it in external clients or e.g. OpenShift routes.
Workaround
Until this is implemented you can use one of the following workarounds:
ca.crt
from the referenced Secret in the SecretClass. Usually it is calledsecret-provisioner-tls-ca
and is located either in thedefault
orstackable-operators
namespace.