make the custom sign ca secret namespace fixed #245
Conversation
zhujian7
changed the title
|
/assign @zhiweiyin318 @qiujian16 |
| // SigningCARef is the reference to the signing CA secret that must contain the | ||
| // certificate authority data with key "ca.crt" and the private key data with key "ca.key" | ||
| // SigningCARef is the reference to the signing CA secret which type must be "kubernetes.io/tls" and | ||
| // the name must be "custom-signer-secret" |
There was a problem hiding this comment.
we might need to use a more specific secret name. e.g. ocm-addon-template-signer
zhujian7
force-pushed
the
addon-sign-secret
branch
from
22136a7
to
6f5f6d5
Compare
| @@ -155,19 +155,17 @@ type CustomSignerRegistrationConfig struct { | |||
| Subject *Subject `json:"subject,omitempty"` | |||
|
|
|||
| // SigningCA represents the reference of the secret on the hub cluster to sign the CSR | |||
| // the secret name must be "ocm-addon-template-signer", and the secret type must be "kubernetes.io/tls" | |||
| // +kubebuilder:validation:Required | |||
| SigningCA SigningCARef `json:"signingCA"` | |||
There was a problem hiding this comment.
@qiujian16 since we removed the secret name field, do you think the SigningCARef is still necessary? or we just change it to signingCANamespace?
There was a problem hiding this comment.
I am thinking whether it makes more sense to watch secret in a certain namespace, rather than the a fixed name.
Signed-off-by: zhujian <jiazhu@redhat.com>
zhujian7
force-pushed
the
addon-sign-secret
branch
from
6f5f6d5
to
df831ab
Compare
zhujian7
changed the title
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: qiujian16, zhujian7 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-merge-robot
merged commit 1a4cb6c
into
open-cluster-management-io:main
No description provided.