
[OSDOCS-15293] Update nw-mutual-tls-auth.adoc #96042


Merged
merged 1 commit into from
Jul 17, 2025

Conversation

Contributor

@prithvipatil97 prithvipatil97 commented Jul 11, 2025

  • Wrong command structure in Configuring mutual TLS authentication

Here is the current look:

Procedure

  1. In the openshift-config namespace, create a config map from your CA bundle:
$ oc create configmap \
   router-ca-certs-default \ --from-file=ca-bundle.pem=client-ca.crt \ 1  -n openshift-config 
  1. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.
$ openssl  x509 -in custom-cert.pem  -noout -subject
subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift
  • The above commands are not structured properly.
  • We can use the above command as well, and it will execute perfectly.
  • But its structure is not as per our standard procedure.
  • Hence, it needs to be changed.

Here is the updated look:

  1. In the openshift-config namespace, create a config map from your CA bundle:
$ oc create configmap \
  router-ca-certs-default \
  --from-file=ca-bundle.pem=client-ca.crt \ 1 
  -n openshift-config 
  1. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.
$ openssl  x509 -in custom-cert.pem  -noout -subject
  subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift

Version(s):

RHOCP 4.20, RHOCP 4.19, RHOCP 4.18, RHOCP 4.17, RHOCP 4.16

Issue:

https://issues.redhat.com/browse/OSDOCS-15293

Link to docs preview:

https://96042--ocpdocs-pr.netlify.app/openshift-dedicated/latest/networking/networking_operators/ingress-operator.html
https://96042--ocpdocs-pr.netlify.app/openshift-enterprise/latest/networking/networking_operators/ingress-operator.html
https://96042--ocpdocs-pr.netlify.app/openshift-rosa/latest/networking/networking_operators/ingress-operator.html

QE review:

  • QE has approved this change.

Additional information:

@openshift-ci bot added the size/XS label Jul 11, 2025
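
An added example, not part of this pull request or the OpenShift documentation: the `subject=` line from the optional step is a literal string, while `allowedSubjectPatterns` entries are regular expressions matched against the client certificate's DN, so the value is escaped and anchored here before use. The function names and the look-alike DN are constructed for illustration, and `grep -E` is assumed as a stand-in for the router's matcher.

```shell
#!/bin/sh
# Added example; function names and the look-alike DN are constructed.

# Turn a "subject=" line (slash-separated form, as shown in the procedure)
# into an anchored regular expression that matches only that exact DN.
subject_to_pattern() {
    # Drop the "subject=" label and any surrounding whitespace.
    dn=$(printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*subject=[[:space:]]*//' -e 's/[[:space:]]*$//')

    # Refuse anything that is not in the /KEY=value/... form.
    case "$dn" in
        /*=*) ;;
        *) echo "unsupported subject format: $1" >&2; return 1 ;;
    esac

    # Escape regex metacharacters so "." in example.com matches only a dot.
    escaped=$(printf '%s\n' "$dn" | sed -e 's/[][\.^$*+?(){}|]/\\&/g')

    # Anchor both ends so longer DNs that contain this one do not match.
    printf '^%s$\n' "$escaped"
}

# Stand-in matcher (assumption: grep -E approximates the router's regex
# engine for these simple patterns).
pattern_matches() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

subject_line='subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift'
raw_dn='/CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift'
lookalike='/CN=exampleXcom/ST=NC/C=US/O=Security/OU=OpenShift-Lab'  # constructed

pattern=$(subject_to_pattern "$subject_line")
printf 'pattern: %s\n' "$pattern"

# Compare pasting the DN unchanged with using the escaped, anchored form.
for candidate in "$raw_dn" "$lookalike"; do
    pattern_matches "$raw_dn" "$candidate" && loose=match || loose=reject
    pattern_matches "$pattern" "$candidate" && strict=match || strict=reject
    printf '%s  raw-DN-as-pattern=%s  anchored=%s\n' "$candidate" "$loose" "$strict"
done
```

Pasting the DN unchanged accepts the constructed look-alike as well as the intended subject; the escaped, anchored pattern accepts only the intended subject.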
@prithvipatil97
Contributor Author

/retest-required

@prithvipatil97
Contributor Author

/label peer-review-needed

@openshift-ci bot added the peer-review-needed label Jul 15, 2025
@snarayan-redhat added the peer-review-in-progress label and removed the peer-review-needed label Jul 16, 2025
Contributor

@snarayan-redhat snarayan-redhat left a comment

lgtm

@snarayan-redhat added the peer-review-done label and removed the peer-review-in-progress label Jul 16, 2025
@prithvipatil97
Contributor Author

Hello Team,
I need QE approval for this change.

All checks have passed, and peer review is also done.

It would be really helpful if someone could please take a look and provide QE approval for this change.

cc: @zhaozhanqi, @yingwang-0320, @lihongan, @rhamini3

Regards,
Prithviraj Patil

@openshift-ci bot added the size/S label and removed the size/XS label Jul 16, 2025
- Wrong command structure in Configuring mutual TLS authentication

Here is the current look:

Procedure

1. In the openshift-config namespace, create a config map from your CA bundle:

$ oc create configmap \
   router-ca-certs-default \
   --from-file=ca-bundle.pem=client-ca.crt \ 1
   -n openshift-config
4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

$ openssl  x509 -in custom-cert.pem  -noout -subject
subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift
The above commands are not structured properly.
We can use the above command as well, and it will execute perfectly.
But its structure is not as per our standard procedure.
Hence, it needs to be changed.
Here is the updated look:

1. In the openshift-config namespace, create a config map from your CA bundle:

$ oc create configmap \
  router-ca-certs-default \
  --from-file=ca-bundle.pem=client-ca.crt \ 1
  -n openshift-config
4. Optional, get the Distinguished Name (DN) for allowedSubjectPatterns by entering the following command.

$ openssl  x509 -in custom-cert.pem  -noout -subject
  subject= /CN=example.com/ST=NC/C=US/O=Security/OU=OpenShift

[new-commit]Update nw-mutual-tls-auth.adoc


openshift-ci bot commented Jul 16, 2025

@prithvipatil97: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@prithvipatil97
Contributor Author

Hello @lihongan ,
I have successfully committed the suggestion.
Could you please check and let me know if we are good to proceed with the merge?

Regards,
Prithviraj Patil

@rhamini3

/label qe-approved
LGTM

@openshift-ci bot added the qe-approved label Jul 16, 2025
@prithvipatil97
Contributor Author

/label merge-review-needed

@openshift-ci bot added the merge-review-needed label Jul 16, 2025
@jeana-redhat added this to the Continuous Release milestone Jul 17, 2025
Contributor

@jeana-redhat jeana-redhat left a comment

Nice work!

/remove-label merge-review-in-progress
/remove-label merge-review-needed

@openshift-ci bot removed the merge-review-in-progress and merge-review-needed labels Jul 17, 2025
@jeana-redhat merged commit e074e24 into openshift:main Jul 17, 2025
2 checks passed
@jeana-redhat
Contributor

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16

@openshift-cherrypick-robot

@jeana-redhat: new pull request created: #96285

In response to this:

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@openshift-cherrypick-robot

@jeana-redhat: new pull request created: #96286

In response to this:

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16


@openshift-cherrypick-robot

@jeana-redhat: new pull request created: #96287

In response to this:

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16


@openshift-cherrypick-robot

@jeana-redhat: new pull request created: #96288

In response to this:

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16


@openshift-cherrypick-robot

@jeana-redhat: new pull request created: #96289

In response to this:

/cherrypick enterprise-4.20
/cherrypick enterprise-4.19
/cherrypick enterprise-4.18
/cherrypick enterprise-4.17
/cherrypick enterprise-4.16


@prithvipatil97
Contributor Author

Nice work!

/remove-label merge-review-in-progress /remove-label merge-review-needed

Thank you very much :) @jeana-redhat

Labels
branch/enterprise-4.16 branch/enterprise-4.17 branch/enterprise-4.18 branch/enterprise-4.19 branch/enterprise-4.20 peer-review-done Signifies that the peer review team has reviewed this PR qe-approved Signifies that QE has signed off on this PR size/S Denotes a PR that changes 10-29 lines, ignoring generated files.