skupper icon indicating copy to clipboard operation
skupper copied to clipboard
verified publisher icon skupperproject

RouterAccess and remote CAs

Open ted-ross opened this issue 8 months ago • 0 comments

This issue requests a change to the way that RouterAccess resources are processed when generateTlsCredentials is turned off.

Here's the scenario:

  • generateTlsCredentials is set to false
  • tlsCredentials is set to the name of a secret that does not exist

The controller should, in this case:

  • Create the specified ingress(es) (Route, loadbalancer, etc.)
  • Populate the RouterAccess.Status.endpoints[].host with the resulting hostname(s) for the ingress(es)
  • Set the status to Pending with a reason of 'Waiting for Secret'

An external entity can then generate a server certificate using the provided hostname(s) and put it in the aforementioned secret.

Once the controller sees the new secret, it can complete the process of configuring the ingress and move to Ready state.

ted-ross avatar May 06 '25 17:05 ted-ross