Skip to content

OSDOCS-14879: add link to certificate procedure #100982

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jldohmann wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OSDOCS-14879: add link to certificate procedure #100982

jldohmann wants to merge 1 commit into from

Conversation

@jldohmann
Copy link
Contributor

@jldohmann jldohmann commented Oct 22, 2025
edited
Loading

@jldohmann jldohmann added this to the Continuous Release milestone Oct 22, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Oct 22, 2025
@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 22, 2025
edited by openshift-ci bot
Loading

@jldohmann: This pull request references OSDOCS-14879 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.21." or "openshift-4.21.", but it targets "openshift-4.19" instead.

Details

In response to this:

Version(s): 4.19+

Issue: https://issues.redhat.com/browse/OSDOCS-14945

Link to docs preview:

QE review:

  • QE has approved this change.

Additional information:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 22, 2025
@ocpdocs-previewbot
Copy link

ocpdocs-previewbot commented Oct 22, 2025

🤖 Wed Oct 22 22:18:04 - Prow CI generated the docs preview:

https://100982--ocpdocs-pr.netlify.app/openshift-enterprise/latest/networking/ingress_load_balancing/configuring_ingress_cluster_traffic/ingress-gateway-api.html

@openshift-ci
Copy link

openshift-ci bot commented Oct 22, 2025

@jldohmann: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci-robot
Copy link

openshift-ci-robot commented Oct 23, 2025
edited by openshift-ci bot
Loading

@jldohmann: This pull request references OSDOCS-14879 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.21." or "openshift-4.21.", but it targets "openshift-4.19" instead.

Details

In response to this:

Version(s): 4.19+

Issue: https://issues.redhat.com/browse/OSDOCS-14945

Link to docs preview: https://100982--ocpdocs-pr.netlify.app/openshift-enterprise/latest/networking/ingress_load_balancing/configuring_ingress_cluster_traffic/ingress-gateway-api.html#nw-ingress-gateway-api-enable_ingress-gateway-api

QE review:

  • QE has approved this change.

Additional information:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@jldohmann
Copy link
Contributor Author

jldohmann commented Oct 23, 2025

@candita i've updated the Gateway API getting started doc to include a link to our doc "Replacing the default ingress certificate" which showswildcard.crt and wildcard.keyare created. wdyt? does this cover everything from your perspective?

@candita
Copy link

candita commented Oct 24, 2025

I'm not sure about this one. What's the real link that it points to?

/hold

@openshift-ci openshift-ci bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Oct 24, 2025
@jldohmann
Copy link
Contributor Author

jldohmann commented Oct 24, 2025

I'm not sure about this one. What's the real link that it points to?

it is pointing to this content: https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/security_and_compliance/configuring-certificates#replacing-default-ingress_replacing-default-ingress

@candita
Copy link

candita commented Nov 7, 2025

The introduction and instructions for creating an ssl certificate should look something like this. Is there anything in our docs that looks like this, especially using the command openssl or acquiring a certificate from a certificate authority (A Certificate Authority (CA) is an entity that issues SSL certificates. ).

First, we will need a certificate for configuring the TLS termination. Acquire a certificate with the common name that you want to use from your CA.

For testing purposes, you can create your own CA and serving certificate as follows:

$ mkdir certs
$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -subj "/O=MyCompany/CN=gwapi.${DOMAIN}" -keyout certs/ca.key -out certs/ca.crt
$ openssl req -out certs/edge.csr -newkey rsa:2048 -nodes -keyout certs/edge.key -subj "/CN=*.gwapi.${DOMAIN}/O=MyCompany"
$ openssl x509 -req -sha256 -days 365 -CA certs/ca.crt -CAkey certs/ca.key -set_serial 0 -in certs/edge.csr -out certs/edge.crt

@jldohmann
Copy link
Contributor Author

jldohmann commented Nov 10, 2025

@candita we do, but it's in the serverless docs: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.36/html/integrations/serverless-ossm-setup#serverlesss-ossm-external-certs_serverless-ossm-setup

do you think this makes sense to link out to? or just replicate with the pertinent info? cc: @ahardin-rh

@candita
Copy link

candita commented Nov 12, 2025

@candita we do, but it's in the serverless docs: https://docs.redhat.com/en/documentation/red_hat_openshift_serverless/1.36/html/integrations/serverless-ossm-setup#serverlesss-ossm-external-certs_serverless-ossm-setup

do you think this makes sense to link out to? or just replicate with the pertinent info? cc: @ahardin-rh

If @Miciah or @alebedev87 agree, I think it makes sense to replicate it. But, since it is only for testing purposes, I'm not sure we should publish it (or if serverless should have published it either.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

branch/enterprise-4.19 branch/enterprise-4.20 do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

Continuous Release

Development

Successfully merging this pull request may close these issues.

4 participants

@jldohmann @openshift-ci-robot @ocpdocs-previewbot @candita