From 00f55552a08fdeb443072e12bbc798703425cffc Mon Sep 17 00:00:00 2001 From: Armel Soro Date: Fri, 26 Jul 2024 13:53:07 +0200 Subject: [PATCH] docs: add note in CRD that using Routes with external certificates in TLS Secrets is Technical Preview in OCP [RHDHBUGS-45] (#413) * Add note in CRD that Routes with external certificates in TLS Secrets is Tech Preview in OCP * Regenerate bundle manifests --- api/v1alpha1/backstage_types.go | 2 ++ api/v1alpha2/backstage_types.go | 2 ++ .../backstage-operator.clusterserviceversion.yaml | 2 +- bundle/manifests/rhdh.redhat.com_backstages.yaml | 12 ++++++++++-- config/crd/bases/rhdh.redhat.com_backstages.yaml | 12 ++++++++++-- 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/api/v1alpha1/backstage_types.go b/api/v1alpha1/backstage_types.go index 0facd95a..61332c55 100644 --- a/api/v1alpha1/backstage_types.go +++ b/api/v1alpha1/backstage_types.go @@ -260,6 +260,8 @@ type TLS struct { // chain. Do not include a CA certificate. The secret referenced should // be present in the same namespace as that of the Route. // Forbidden when `certificate` is set. + // Note that securing Routes with external certificates in TLS secrets is a Technology Preview feature in OpenShift, + // and requires enabling the `RouteExternalCertificate` OpenShift Feature Gate and might not be functionally complete. // +optional ExternalCertificateSecretName string `json:"externalCertificateSecretName,omitempty"` diff --git a/api/v1alpha2/backstage_types.go b/api/v1alpha2/backstage_types.go index a1288242..d94976a5 100644 --- a/api/v1alpha2/backstage_types.go +++ b/api/v1alpha2/backstage_types.go @@ -275,6 +275,8 @@ type TLS struct { // chain. Do not include a CA certificate. The secret referenced should // be present in the same namespace as that of the Route. // Forbidden when `certificate` is set. + // Note that securing Routes with external certificates in TLS secrets is a Technology Preview feature in OpenShift, + // and requires enabling the `RouteExternalCertificate` OpenShift Feature Gate and might not be functionally complete. // +optional ExternalCertificateSecretName string `json:"externalCertificateSecretName,omitempty"` diff --git a/bundle/manifests/backstage-operator.clusterserviceversion.yaml b/bundle/manifests/backstage-operator.clusterserviceversion.yaml index 9578ec6d..59f474c3 100644 --- a/bundle/manifests/backstage-operator.clusterserviceversion.yaml +++ b/bundle/manifests/backstage-operator.clusterserviceversion.yaml @@ -21,7 +21,7 @@ metadata: } ] capabilities: Seamless Upgrades - createdAt: "2024-07-16T20:47:15Z" + createdAt: "2024-07-25T11:50:13Z" operatorframework.io/suggested-namespace: backstage-system operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 diff --git a/bundle/manifests/rhdh.redhat.com_backstages.yaml b/bundle/manifests/rhdh.redhat.com_backstages.yaml index 8acba889..2ae9d8ee 100644 --- a/bundle/manifests/rhdh.redhat.com_backstages.yaml +++ b/bundle/manifests/rhdh.redhat.com_backstages.yaml @@ -260,7 +260,11 @@ spec: serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. - Forbidden when `certificate` is set. + Forbidden when `certificate` is set. Note that securing + Routes with external certificates in TLS secrets is + a Technology Preview feature in OpenShift, and requires + enabling the `RouteExternalCertificate` OpenShift Feature + Gate and might not be functionally complete. type: string key: description: key provides key file contents @@ -622,7 +626,11 @@ spec: serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. - Forbidden when `certificate` is set. + Forbidden when `certificate` is set. Note that securing + Routes with external certificates in TLS secrets is + a Technology Preview feature in OpenShift, and requires + enabling the `RouteExternalCertificate` OpenShift Feature + Gate and might not be functionally complete. type: string key: description: key provides key file contents diff --git a/config/crd/bases/rhdh.redhat.com_backstages.yaml b/config/crd/bases/rhdh.redhat.com_backstages.yaml index e42a54e1..5930c075 100644 --- a/config/crd/bases/rhdh.redhat.com_backstages.yaml +++ b/config/crd/bases/rhdh.redhat.com_backstages.yaml @@ -261,7 +261,11 @@ spec: serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. - Forbidden when `certificate` is set. + Forbidden when `certificate` is set. Note that securing + Routes with external certificates in TLS secrets is + a Technology Preview feature in OpenShift, and requires + enabling the `RouteExternalCertificate` OpenShift Feature + Gate and might not be functionally complete. type: string key: description: key provides key file contents @@ -623,7 +627,11 @@ spec: serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. - Forbidden when `certificate` is set. + Forbidden when `certificate` is set. Note that securing + Routes with external certificates in TLS secrets is + a Technology Preview feature in OpenShift, and requires + enabling the `RouteExternalCertificate` OpenShift Feature + Gate and might not be functionally complete. type: string key: description: key provides key file contents