
Certificate signed by Custom CA (instead of Openshift CA) is not trusted

Open mhtgrwl5 opened this issue 9 months ago • 0 comments

Environment info

  • NooBaa Operator Version: 5.13.2
  • Platform: OpenShift 4.12

Actual behavior

  1. There is no way to inject a custom CA that is known to the operator.
  2. As per discussion, there are various ways to pass the CA certificate. The CAs are part of a custom secret and are mounted into the resources. But I found no way to tell noobaa-operator that the CA certificate to be utilised has to come from /<some-location>/ca.crt
  3. However, I validated non-SSL connectivity. It is working fine.

Expected behavior

  1. The operator should allow the use of a custom CA as well as a certificate, as per the doc - https://github.com/noobaa/noobaa-operator/blob/master/doc/ssl-dns-routing.md
  2. The operator should be smart enough about the CA to be utilised.

Steps to reproduce

  1. Create a certificate for each of the two services, mgmt and s3, without using the OpenShift CA.
  2. Follow the rest of the instructions from here - https://github.com/noobaa/noobaa-operator/blob/master/doc/ssl-dns-routing.md
  3. Create the noobaa deployment.

More information - Screenshots / Logs / Other output

noobaa-endpoint logs

Sep-13 8:20:12.994 [Endpoint/13]    [L0] core.server.bg_services.namespace_monitor:: namespace_monitor: system_store did not finish initial load
Sep-13 8:20:14.662 [Endpoint/13]    [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1538:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket.emit (node:domain:489:12)
    at TLSSocket._finishInit (node:_tls_wrap:952:8)
    at ssl.onhandshakedone (node:_tls_wrap:733:12)
Sep-13 8:20:14.663 [Endpoint/13]    [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) WS CLOSED
Sep-13 8:20:14.663 [Endpoint/13]  [WARN] core.rpc.rpc:: RPC RECONNECT FAILED wss://noobaa-mgmt.staging.svc:443 reconn_backoff 5000 unable to verify the first certificate

mhtgrwl5 Sep 20 '23 11:09
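
An added triage example, not part of the issue and not NooBaa project code: it scans endpoint logs in the format shown above, groups TLS verification failures by RPC target, and maps the Node.js message to its error code. The sample lines are constructed from the log excerpt, and the function name `triageTlsFailures` and the hint texts are assumptions of this example.

```javascript
// Added example: triage TLS trust failures in noobaa-endpoint RPC logs.
// SAMPLE_LOG is constructed from the log format shown in the issue.
const SAMPLE_LOG = [
  'Sep-13 8:20:12.994 [Endpoint/13]    [L0] core.server.bg_services.namespace_monitor:: namespace_monitor: system_store did not finish initial load',
  'Sep-13 8:20:14.662 [Endpoint/13]    [L0] core.rpc.rpc_base_conn:: RPC CONNECTION CLOSED. got event from connection: wss://noobaa-mgmt.staging.svc:443(eehmsxr.zzts) Error: unable to verify the first certificate',
  '    at TLSSocket.onConnectSecure (node:_tls_wrap:1538:34)',
  'Sep-13 8:20:14.663 [Endpoint/13]  [WARN] core.rpc.rpc:: RPC RECONNECT FAILED wss://noobaa-mgmt.staging.svc:443 reconn_backoff 5000 unable to verify the first certificate',
].join('\n');

// Node.js/OpenSSL verification messages, their error codes, and the usual cause.
const TLS_ERRORS = [
  [/unable to verify the first certificate/, 'UNABLE_TO_VERIFY_LEAF_SIGNATURE',
    'issuing CA is not in the client trust store, or the server sent an incomplete chain'],
  [/unable to get local issuer certificate/, 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY',
    'an intermediate or root CA is missing from the client trust store'],
  [/self[- ]signed certificate in certificate chain/, 'SELF_SIGNED_CERT_IN_CHAIN',
    'the chain ends in a root the client does not trust'],
  [/certificate has expired/, 'CERT_HAS_EXPIRED', 'a certificate in the chain is past its notAfter date'],
];

// timestamp [process] [level] component:: message
const LINE_RE = /^(\w{3}-\d{1,2} \d{1,2}:\d{2}:\d{2}\.\d{3}) \[([^\]]+)\]\s+\[\s*(\w+)\]\s+([\w.]+):: (.*)$/;
// Stops at whitespace, '/', brackets and parentheses, so "(conn-id)" suffixes are excluded.
const TARGET_RE = /\b(?:wss?|https?):\/\/[^\s/()\[\]]+/;

function triageTlsFailures(logText) {
  const byTarget = new Map();
  for (const line of logText.split('\n')) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // stack frames and other continuation lines
    const [, time, , , component, msg] = m;
    const err = TLS_ERRORS.find(([re]) => re.test(msg));
    const target = TARGET_RE.exec(msg);
    if (!err || !target) continue;
    const entry = byTarget.get(target[0]) ||
      { target: target[0], code: err[1], hint: err[2], count: 0, first: time, components: new Set() };
    entry.count += 1;
    entry.components.add(component);
    byTarget.set(target[0], entry);
  }
  return [...byTarget.values()];
}

for (const f of triageTlsFailures(SAMPLE_LOG)) {
  console.log(`${f.target} ${f.code} x${f.count} since ${f.first}: ${f.hint}`);
}
```
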