noobaa-operator
Certificate signed by Custom CA (instead of Openshift CA) is not trusted
Environment info
- NooBaa Operator Version: 5.13.2
- Platform: OpenShift 4.12
Actual behavior
- There is no way to inject custom CA that is known to operator.
- As per discussion, there are various ways to pass the CA certificate. The CAs are a part of custom secret and are mounted into the resources. But found no way to tell noobaa-operator that CA certificate to be utilised has to come from /<some-location>/ca.crt
- However, validated non-SSL connectivity. It is working fine.
Expected behavior
- The operator should allow to use custom CA as well as certificate as per doc - https://github.com/noobaa/noobaa-operator/blob/master/doc/ssl-dns-routing.md
- The operator should be smart enough about the CA to be utilised.
Steps to reproduce
- Create a certificate for each of the two services mgmt and s3. Without using Openshift CA.
- Follow the rest of the instructions from here - https://github.com/noobaa/noobaa-operator/blob/master/doc/ssl-dns-routing.md
- Create the noobaa deployment.
More information - Screenshots / Logs / Other output
noobaa-endpoint logs
Sep-13 8:20:12.994 [Endpoint/13] [L0] core.server.bg_services.namespace_monitor:: namespace_monitor: system_store did not finish initial load
Sep-13 8:20:14.662 [Endpoint/13] [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1538:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket.emit (node:domain:489:12)
    at TLSSocket._finishInit (node:_tls_wrap:952:8)
    at ssl.onhandshakedone (node:_tls_wrap:733:12)
Sep-13 8:20:14.663 [Endpoint/13] [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) WS CLOSED
Sep-13 8:20:14.663 [Endpoint/13] [WARN] core.rpc.rpc:: RPC RECONNECT FAILED wss://noobaa-mgmt.staging.svc:443 reconn_backoff 5000 unable to verify the first certificate
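
A log-triage example for the excerpt above, added here and not part of the original report or the NooBaa code base: it maps Node.js certificate-verification messages to their error codes and groups the failures by endpoint. The function name, the lookup table and the sample lines are constructed for illustration.

```javascript
// Constructed sample input, adapted from the noobaa-endpoint excerpt above.
const SAMPLE_LOG = [
  'Sep-13 8:20:12.994 [Endpoint/13] [L0] core.server.bg_services.namespace_monitor:: namespace_monitor: system_store did not finish initial load',
  'Sep-13 8:20:14.662 [Endpoint/13] [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) Error: unable to verify the first certificate',
  'Sep-13 8:20:14.663 [Endpoint/13] [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) WS CLOSED',
  'Sep-13 8:20:14.663 [Endpoint/13] [WARN] core.rpc.rpc:: RPC RECONNECT FAILED wss://noobaa-mgmt.staging.svc:443 reconn_backoff 5000 unable to verify the first certificate',
].join('\n');

// Node.js certificate-verification messages, their error codes, and what each points to.
// More specific patterns come first so "in certificate chain" wins over the bare self-signed case.
const TLS_FAILURES = [
  [/unable to verify the first certificate/i, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
    'chain holds only the leaf, and its issuer is not in the client trust store'],
  [/unable to get local issuer certificate/i, 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
    'issuer of a certificate in the presented chain is not in the client trust store'],
  [/self[- ]signed certificate in certificate chain/i, 'SELF_SIGNED_CERT_IN_CHAIN',
    'server sent its root, but the client does not trust that root'],
  [/self[- ]signed certificate/i, 'DEPTH_ZERO_SELF_SIGNED_CERT',
    'leaf certificate is self-signed and not trusted by the client'],
  [/certificate has expired/i, 'CERT_HAS_EXPIRED', 'a certificate in the chain is past notAfter'],
  [/does not match certificate's altnames/i, 'ERR_TLS_CERT_ALTNAME_INVALID',
    'the name the client connected to is missing from the certificate SANs'],
];

// Groups TLS trust failures by (endpoint, code) so one broken trust path is reported once.
function triageTlsFailures(logText) {
  const findings = new Map();
  for (const line of logText.split(/\r?\n/)) {
    const hit = TLS_FAILURES.find(([pattern]) => pattern.test(line));
    if (!hit) continue;
    const [, code, cause] = hit;
    // Tolerates both a raw URL and a markdown-linked "[url](url)" rendering of it.
    const url = line.match(/\bwss?:\/\/[^\s()\[\]]+/);
    const endpoint = url ? url[0] : 'unknown';
    const firstSeen = line.match(/^\S+ \S+/);
    const key = `${endpoint}|${code}`;
    const entry = findings.get(key) ||
      { endpoint, code, cause, count: 0, firstSeen: firstSeen ? firstSeen[0] : null };
    entry.count += 1;
    findings.set(key, entry);
  }
  return [...findings.values()];
}

console.log(triageTlsFailures(SAMPLE_LOG));
```

For the message in this report, `UNABLE_TO_VERIFY_LEAF_SIGNATURE` means the client could not find the issuer of the server certificate, which is consistent with a custom CA that is absent from the endpoint's trust store.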