OLS-385: User provided certs #411

raptorsun · 2024-09-16T16:51:31Z

Description

User can provide TLS key and certificates for the communication between console proxy and the application HTTPS endpoint:

CA certificate for the console proxy to authenticate application HTTPS endpoint .spec.ols.deployment.console.caCertificate
key and certificate issued by the CA mentioned above, used by the application HTTPS endpoint .spec.ols.tlsConfig

Type of change

Related Tickets & Documents

Related Issue #
Closes # OLS-385

Checklist before requesting a review

I have performed a self-review of my code.
PR has passed all pre-merge test jobs.
If it is a core feature, I have added thorough tests.

Testing

olsconfig.yaml

apiVersion: ols.openshift.io/v1alpha1
kind: OLSConfig
metadata:
  name: cluster
spec:
  llm:
    providers:
      - type: openai
        credentialsSecretRef:
          name: openai-key
        models:
          - name: gpt-3.5-turbo
          - name: gpt-4-turbo
        name: openai
        url: https://api.openai.com/v1
  ols:
    defaultModel: gpt-4-turbo
    defaultProvider: openai
    logLevel: INFO
    deployment:
      replicas: 1
      console:
        caCertificate: |
          -----BEGIN CERTIFICATE-----
          MIIFEDCCAvigAwIBAgIUQ3cTd7CGbuQ90mfXLWsP9xzZwZAwDQYJKoZIhvcNAQEL
          BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yNDA5MTgwOTQ4NDBaFw0yNTA5MTgwOTQ4
          NDBaMA8xDTALBgNVBAMMBE15Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
          AoICAQDxdE4G/zfKbqAo9RE37iFr6yebojh0dRZjSeAfOXZLWxnaNeGvnxBSOyxD
          8GZ3qZtqAB0g3wWes26XUg1z8+Gg8uZ/AZjlpXwkPj5Ff7De1VAkJtpfF43tZaw1
          2DA+qMhPcKW/AzU216xRIFiwXt+QUQzJP+RLOjr/7Ruopeia9HwQ7zQzINzVcyAZ
          ncEGs5BAD//qBzRKg2r9EHOy33SVgowhkwIr7XDi9JOjxAX20NOvnGw2Wr26nInB
          L+o1VZu5Io+NLZQAzT1AJOkAEt5h7ucp3lPsgruiNKfSCxJpx574tpZN5UJRacZp
          6eWU/a2bYoMb9SxNLAE3wDn77VpAJe7vyaqZYN7Q/pkv/ltsrXWruWmxU4b3OeBe
          ioO0qKGivcikogz2qOKNO+uiPuheqlRR9Uv3gxIfPI2Hgb/bXKWYsB09L7NMowxz
          /5MGt3+wEMNWIbPbgHXI2EGGdEn4jai8zrXPP+qsbRV6475X2nm5FP7s6UfZ7T+M
          WDkthX4+3gVQN+mc2eUlrULAPjCaQ7aWXzRM7WJJE74kosl4L+/zyGj++tBGQOAH
          9f6RGbn+RpDUXkA0O+lDb0Unzd4M36aieDFu3lTkVZqrORzM+wQAV12xfiLfU833
          ePzUZxPJ7YG0jLFvSMm8SMOb93+1YGSeAWZkdUI0CkD2GLU4FwIDAQABo2QwYjAd
          BgNVHQ4EFgQUZCneQQdNviHC/FwzO7OUarMmo8YwHwYDVR0jBBgwFoAUZCneQQdN
          viHC/FwzO7OUarMmo8YwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGggRNeUNB
          MA0GCSqGSIb3DQEBCwUAA4ICAQCDD4Kzwtl8WgcxXltGPUe3s+9dc14LDKqy1Qz8
          DyI87Z9K3GqQLxtM77cpSXnuKAPh6MJ3B5Q3vO5jGFq6H2WMFDNQNnchF5Kofr1H
          isVFlrTAHqw1sf0kNvmBkWDVD05t1wcWylOoDYrB83w439pDKu+CNVttunfR8EUI
          yUFJqH217xLNpiLHw++SDC8eRiXzNM3kzMu2un6EPB9fe4gQ9+kjnUAm8AdfJjHA
          gmVS2p9nt4TzgljOldc7TJkOaZSDNj7W6Os5EWVtjqqYEasKWZNEaOGgBNw6lqZ3
          qkHlCC7zOMklfvAtK40YsXDJ0OApn4JSowKL4y9dZbtGq4Vl5WoAcy8JQKvkkGvW
          bI9X4BR3bDdTVovMLnznX4arzA1fWrku7gIf0bAT9TiVzxOgUU+vAutCUht/1HFF
          aW88S3lbOa12wLjpaOmnLpnCHwdNYFqBYPHjiY642WZ9rzsGB9p0x+dmPSDaB+1a
          1Nh8bfmx6zRhZudRFdbRb0FCaR1cCqAqAYWGakbN177AX1DXawD0M5a8ENRbru43
          CT1qjJIjkt+MLAr1APJU1rVw4E/iN27j16+h2ktKnd4aLToALHNwE/kBS9ME/oK6
          BCK0z/8HKlughx6OvIuCNwe4SX1smeNJz1kwbeUa15wElYEeCNHii4W2pULEgcXR
          f+I6Sg==
          -----END CERTIFICATE-----
    tlsConfig:
      keyCertSecretRef:
        name: user-app-tls

secret-user-app-tls.yaml

apiVersion: v1
kind: Secret
metadata:
  name: user-app-tls
  namespace: openshift-lightspeed
type: kubernetes.io/tls
data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZlVENDQTJHZ0F3SUJBZ0lVWU15Wno5RWd4Q0ZsNldmV1BvM1FIVUd2WGQ4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0R6RU5NQXNHQTFVRUF3d0VUWGxEUVRBZUZ3MHlOREE1TVRnd09UUTROREZhRncweU5UQTVNVGd3T1RRNApOREZhTUNBeEhqQWNCZ05WQkFNTUZXeHBaMmgwYzNCbFpXUXRZWEJ3TFhObGNuWmxjakNDQWlJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBSnl1RDRTRWd3T3M4VVBsZDVjYzNtOW9vK3dyam5YNU0yUWsKT3EyTUI5RE1PWlRLdXhOeGsvUGVPczREc3pwSGZVVnpCQWlQdXNVQ0NIdjNwMm1GMUtFSEJQQ1p4elljTnlDbwpBS1A5UWtSYVZSVVUwR0NUM0ZQOVhPNm5Ga1BhS0RCK1Q4Y29zRDB2QVNGMGFSWkh5Z3p4elpQaW9BOG1KaWJOClM2amZ2UEhwWjhubU1HMUtqcFZIVEYyNWJKZjF2dkg1V2l2bkZ4MzkzRWpOU3NUeGlCc2xUQ09PQkdJdnZBemoKZ1pqbENkY1ZxY3l1YUFWTjVHdXRmQnpEbHN5czlyYWgrM3BWZVViNXdYWmR3eFhpZnpWUWllRnFtVEprNnNMeApRQmZLRytpeHlLUStrWDlYOVNHQ0NnRldBeVl5dHZ1LzBTcGlBOStPajZ2dS9va2RaQXZMVDZjTk5uVFAzMmZ1CmQ5U1NTSTNTUkVlb2MyY0MrTDNqOGVralJUblhDd2xUeU9oaXVrY0docXNZWEEyOWdPSHJ1UzF3WDlreGwrYVIKY3pzL3YydE1qWWFkV1VLdGpKdllOa2Qzd0xNcHlsR3k0OHNWTDJXQkN0ZWh6MS9UWG9naWVBRlA3YmNwbzFTNQpnRVkwZVQ4bTF5WXdtVWswd0p3WmQzL1V2WUlKR0loWHRmTU9BbmVjcnQwWWxZeDlwWjd3RmtmMUkrSU5XK09uCm5UWFpZN3F1cEZZNVhYZHNvNVZlMXVQa1NJNW40dHQycTljejY1djZVaXRUNGtXOWo2bDFMakduVGdMV3hBSlgKWmRxc3lSNGx0U0ZxWmd4amorOUI5aFdHMVNGNU10K1NWVHlvYlUwalRsT2pIYVRmZzJPa05lSjd6S0RBSjVxaQpRR0lLd3BZREFnTUJBQUdqZ2Jzd2diZ3dkZ1lEVlIwUkJHOHdiWUlWYkdsbmFIUnpjR1ZsWkMxaGNIQXRjMlZ5CmRtVnlnanhzYVdkb2RITndaV1ZrTFdGd2NDMXpaWEoyWlhJdWIzQmxibk5vYVdaMExXeHBaMmgwYzNCbFpXUXUKYzNaakxtTnNkWE4wWlhJdWJHOWpZV3lIQkg4QUFBR0hFQUFBQUFBQUFBQUFBQUFBQUFBQUFBRXdIUVlEVlIwTwpCQllFRk9TdndwU3pWcUtUMzhncWZ4bXRGV3ozcFc1bU1COEdBMVVkSXdRWU1CYUFGR1FwM2tFSFRiNGh3dnhjCk16dXpsR3F6SnFQR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRRFJ6eE55Ym5JakRkVkJ4VGtLMEZTd2p2SUsKM3FWNUVSSWlkcEI2RkovQzJldjZxTmM3bm9wK3JCakptb3d2RzhNZmFBbzVua0w0MG51YlRBSTZkUEVKRHh3bAppWFBuemNXVzllL29mUFlxVnBhNVV0RUkrWHk4d3VBcG9tTUx6aFVTTC91WSt1THRFUjNxZG41ekNqZEZPdjdmCnZSNlBMcFBYWTY3NWxMdmhRV0pGc3FMZG0rLzI3cjhrK2cxVDRhLzY1bmlXLzJBVXJmMFIyWkZOSU5uYUQ5VVAKYzgrS2xGS3I4NFhWNS9zTEJVWks0SXJRQjlFT2kxcFRzQTRPK2RVa09sVi94R2NwYVZBdnZJcWdyNUdQeWt1Rgp1c1o1MWFPaTZocVJxMm1lcmZTRWpoQWJFMVhsdGxoa3lqV2ZaMlExUzkwMFFPZC8xc2UrNmVWMzNXVnNzcGxxCjFOTWhjOUZqM2RYUndPbzUzTFJ3TlNFWE16RmFzT0k1UGowVnFlTm83bmVQa2l1T3JkZHk5UVhFZ0ZVRXpRSk4KM1Jxc0d3blowMHoza040RFhSWDZwL0RJRVU5d1hEVzhtZWt0R1hIM0JWTFJsUjFKN3ljaEpBdVlINTd2SUZLcwpzb0lqZ3NsSmloM05yVlltYXFxanZmVFcrWklXL0U3R1czN1NhTHU3ZGk5ajVoSENmT3hRWTlEUmlHUHc4UkZyClNlamwwaWRBamZpVkdzVWJUbEIyNkNJdjRhc2ZvdmVXWTFPUStpY2MwTERiMWlzVVQ3VkkrK0kwZWcydzdoMGIKU3FSd3c3SlE1US8rU1VNVzlsNUFPamc2di9PY2ZGcEN5RGZQY3Z4S1NtL2kreXQxSG1xbktmRkNCTnZiTlBDTAp2eGN0OVcvNkZUK0FLWk1FTXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2NyZytFaElNRHJQRkQKNVhlWEhONXZhS1BzSzQ1MStUTmtKRHF0akFmUXpEbVV5cnNUY1pQejNqck9BN002UjMxRmN3UUlqN3JGQWdoNwo5NmRwaGRTaEJ3VHdtY2MySERjZ3FBQ2ovVUpFV2xVVkZOQmdrOXhUL1Z6dXB4WkQyaWd3ZmsvSEtMQTlMd0VoCmRHa1dSOG9NOGMyVDRxQVBKaVltelV1bzM3eng2V2ZKNWpCdFNvNlZSMHhkdVd5WDliN3grVm9yNXhjZC9keEkKelVyRThZZ2JKVXdqamdSaUw3d000NEdZNVFuWEZhbk1ybWdGVGVScnJYd2N3NWJNclBhMm9mdDZWWGxHK2NGMgpYY01WNG44MVVJbmhhcGt5Wk9yQzhVQVh5aHZvc2Npa1BwRi9WL1VoZ2dvQlZnTW1NcmI3djlFcVlnUGZqbytyCjd2NkpIV1FMeTArbkRUWjB6OTluN25mVWtraU4wa1JIcUhObkF2aTk0L0hwSTBVNTF3c0pVOGpvWXJwSEJvYXIKR0Z3TnZZRGg2N2t0Y0YvWk1aZm1rWE03UDc5clRJMkduVmxDcll5YjJEWkhkOEN6S2NwUnN1UExGUzlsZ1FyWApvYzlmMDE2SUluZ0JUKzIzS2FOVXVZQkdOSGsvSnRjbU1KbEpOTUNjR1hkLzFMMkNDUmlJVjdYekRnSjNuSzdkCkdKV01mYVdlOEJaSDlTUGlEVnZqcDUwMTJXTzZycVJXT1YxM2JLT1ZYdGJqNUVpT1orTGJkcXZYTSt1YitsSXIKVStKRnZZK3BkUzR4cDA0QzFzUUNWMlhhck1rZUpiVWhhbVlNWTQvdlFmWVZodFVoZVRMZmtsVThxRzFOSTA1VApveDJrMzROanBEWGllOHlnd0NlYW9rQmlDc0tXQXdJREFRQUJBb0lDQUFqRUZFb3R2OGJDTTUxcmhvMWJLQ0Z1Ck8vMmRVajNNME5DVzFsR2FEQXM2aklqWlJDNDArZVROck5jL09HcUNVQmZ2OU1IUWlNL2lQK2RGQVREVGlWbnUKWFVXNDFOUjAybFlSWlkwY2xrczNZcHMrQVlxUVplWUNhWTM3VUlaQXBtUlFMTlo2WGFIa0IxbC8wZGFxblpDcgoxcWRNMC9ldnJXTER0RlZMeEo1NW1KSkxOcSs4QkNPRjl3Sjh1cWxRZzlFTFNtZzZhRk5kUGYzZmFTeldTKzhqCmlieFRneHRGNEd6aTJGVmRrSGRnTEQwdlpOSjhlOU1xYnZuaVY0V01COHhLczhTSEU3U2lOSmk5YTRvYlAxSysKOXMwNGZEOFM0UVRzZFNiZmxVQW5uT1RUa0tzTW1NSmtnWHJNVW50elN1N2xoSHV0T3RvL0lrLys4Y1FVeU9GcApvWnVzVjFBYmNrM2p1WnhHUEZXTnlmN2xrcnpOb1czaHdNalNNNDM5V0RBYzZtUXFHeEZ4VlBFcWgwZld5QWFUCm1GTXhWUCtHeXZNVjJqRGszaHpKVDFCRzFsY0o4bWZ1eHNoMlFwUkdMK1ViSkF2UVhFNk40YVViSXdPN1MzdmQKRld3WnVrTnJ0cFZEK2t6Qm90T3Q5bXNrekhBSkIza0xEQ2xlWlVPMWI3MjBQTDlYUnJvWW5DamlTbitQRU92agpnN0ZkU0R0bzkzWG5vbVgzUEpqRXBMTHBxMWd6QWpsZG5UQUlCYnU5bWc4T0VKVjh0c2hLekEyZThuV295a2hrCnJTNlJvbktHUlJRdnMwWUVqb1BmWTF2RGJKdVZHSVN0MjZua3ZyVHdaT1AyUXNNa29HcFRhSWpYTWwyOUtMdEsKbW9iSVZ3RlNvR2hvVi9BL3hVaUJBb0lCQVFETWpBd3o5cVI4QXZwL1VTWjVPdjNjRVh6MHFMbStXMnlzWnZlTQpGSWZUT2lnRUduWmhrYVd0b2hPdksvdVg5RHFzL1Y0a0lYdHNTTVpTLzd3TVFxdUkrY2ZpQUJjbHlBQWVwVlpICkwrUjR5Z0dSTEVDd1hBdVhnWGVocU11Z2J1Y2JUc1J2NnVpWWZZNjdoSnlCeXlud0loVkx6VS91bUtBUTV1S00KNmZlMlZseURoam80RFo0QTVBQnBKbUJYM0VQYTIwTWVjb0tCK2tCd3JlSk1wMVpZa2ZEVGN5Q001V0tkdmc1TgpVS1FsR2wyL2JDT0pUeUNzMlYwQVVjbnBkcllWTE1sanNsU2dOZERadDJNaDFZVGV5U3N4WG5BZGNjL2FwcjBqCnVFK25uK1dMMlVKcEVETU13M1dWVzRyNkZyTzVjekFnWkJwcDNsbEN4ZDZXZ1RESkFvSUJBUURFRjVNc0UrL0oKTEdSeTZONGt2V3ovV2s2OFBmR1NNSWNzZHdkYUFOVlRvUVhScGM0NUVSd2JNWDhPMjhCY3F5OTJxalVHQ2l6cApvTHFJWG91OXRCMmowMzZnMGlaN3dHR050NGp5dWlZa3M0LzNYNHl4Vm4rOWxYUlZPalQ5N2ROeGtUc1NsSm1sCmZOYVIxMzRLOVpQeXltWlFFUlVCZlV3YUV6RWQyRHZ3TnJBY3ovWCtyZEdtSjNudVVGTERvcHdmZi9BYXVWU3AKaDFNNE40dlpRNDlCOUhPcGIxUXlQUTRXZUNNOGREVSsxejhtYkxJdDhaYnU5ZVFXSG1ldUh0TnNwaU5GOVNFNQpNSTcrTDBjbHVYcmp2WkdWV1ptTVpPOGNFWXpjcGJ0YWVla01oL3M0bVUvUVZxQkNtSnhCc1B3RXlzcTdvZkJZCnhabGlidTNJeEtKckFvSUJBUUNDT1hkYmJkOXloSUx1bzcrVzF4UGdFOUkyQVdXZjU1emNkZ0dNVVZYWUNPS0oKR2ovY0Jsb3duVXRpN3VHUzhJNmFyQVJQaEhHTGt4bVFwZmdXNWl0SFhaOEFKNGFWS3l2SVZ3TUM5MTdCOS9uZgpid2tRUHNteWYxNm1zVXhTcThpKy9mcmFOZmczZlZodDBoUENIcEpvcTRwYlpDOUxmQ2dNR3JLSmZEdVUvbzZQCnZkazY3cEIxaUxNcVBxQi96MS96Nmp4bEdnbzByaHB3b29POHdaeWJidTZmOEYvODA5MWhDQ3NhMWdockJzcEEKb0p4UFF1MU9ubVF6Vzk3c29BTjBuN3JubWhWK21rU0pGOVFwS2tNWmc0SFlRSU9vZTFrVm42b3pINWkyNDNuRQorMkRvZXNQRmtIcy94N1JIWEVTNEFMblhKV1FibXMvQlR6QlRLWlRoQW9JQkFBcVNMc2ZvaHp1MEhmSW41Wm5iCmNGM1BzNERvWWZaOGtUenZhY0VMWEhTMnNJYWR4cUZDNzkzemJDTVQ2Nm5UUEtyTUFESEVLS21ybFlLMmZoZ0sKOXJJWE83TlZ3T2RZOXFsYUpKTFpRQ2NvV3ZGK0FDcXJQQld2VWVjcVRTTUhTQ2ZPS1g0VjdyYUNKVnNWWCtFZApYZzF2cGRaWkpXWEFLSE1iWjhGeEg4SVNZS29jOStqejIrSjJMRmVSa3ZTaTlvR29OdnhwMDB1VVZRTXAwMnN4Ci9pNFRESTBzeUVBeEZHcFhyYWFicVNjckdXZHI0cXNoWS82YjJPRHNZTEI5VHU2RGdsRktKckZia2NuWUtLQzcKQUFuNDlUazA3RmNxTmMyd2tJUndsc29JMm14bmhENkgzVXFnOE9ER00xNURPVUxVMzlyL251SmFQS3VXeVZEUwpjT01DZ2dFQVlaVG5IZWVXNHp1dkpvdXVTQTltbFMyNkRyaUJYOWhhYSt0SGw1SmVDVDRwTk5FL3lYd3Zib3BuCk1tcnJnQWxiejhVamEwY2NXT2ZRZ2k1SVpoWXkrWFkwQ1Z1Q3p1cGpmY3kwR0dUVzRQclpkSkFZNGVacStkZUIKRThCY3E0Rm5kZmlkMVZZVVUyRG1WT0lqbGxjYUpYOXZGSUJIOGRTSTJjRjBYQ1FKNFQ3QmMwc3d2Qk9GS0V2NAoxU2Z5U0o3dVVRVmo5S2c3blU2TklUVDUwMEE0NEQ2U0xScU1QY01IK1FQcmdZS242Nks1VzFUWkx5RGpBZVFBCnNkQWFncWwyZ1BLeGlTM1c5STBUdVZiSXNrSDBXM2tTQUI2WjF2Q1dzY1I4Rmxza0U4VjhrOWxtQXdhMlJLSEcKWFg0K3RFVkMzSmFEYjRYUXVGeTk3RGN3VGlVdFpRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

Send query from UI chatbox, works just as perfect as using the default TLS credentials provided by service-ca operator.

openshift-ci-robot · 2024-09-16T16:51:35Z

raptorsun · 2024-09-16T16:51:39Z

/hold
in progress

openshift-ci · 2024-09-16T16:52:16Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from raptorsun. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

raptorsun · 2024-09-18T10:42:03Z

/unhold
ready to review

openshift-ci-robot · 2024-09-18T10:50:40Z

@raptorsun: This pull request references OLS-385 which is a valid jira issue.

In response to this:

Description

User can provide TLS key and certificates for the communication between console proxy and the application HTTPS endpoint:

CA certificate for the console proxy to authenticate application HTTPS endpoint .spec.ols.deployment.console.caCertificate
key and certificate issued by the CA mentioned above, used by the application HTTPS endpoint .spec.ols.tlsConfig

Type of change

Related Tickets & Documents

Related Issue #
Closes # OLS-385

Checklist before requesting a review

I have performed a self-review of my code.
PR has passed all pre-merge test jobs.
If it is a core feature, I have added thorough tests.

Testing

olsconfig.yaml

apiVersion: ols.openshift.io/v1alpha1
kind: OLSConfig
metadata:
 name: cluster
spec:
 llm:
   providers:
     - type: openai
       credentialsSecretRef:
         name: openai-key
       models:
         - name: gpt-3.5-turbo
         - name: gpt-4-turbo
       name: openai
       url: https://api.openai.com/v1
 ols:
   defaultModel: gpt-4-turbo
   defaultProvider: openai
   logLevel: INFO
   deployment:
     replicas: 1
     console:
       caCertificate: |
         -----BEGIN CERTIFICATE-----
         MIIFEDCCAvigAwIBAgIUQ3cTd7CGbuQ90mfXLWsP9xzZwZAwDQYJKoZIhvcNAQEL
         BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yNDA5MTgwOTQ4NDBaFw0yNTA5MTgwOTQ4
         NDBaMA8xDTALBgNVBAMMBE15Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
         AoICAQDxdE4G/zfKbqAo9RE37iFr6yebojh0dRZjSeAfOXZLWxnaNeGvnxBSOyxD
         8GZ3qZtqAB0g3wWes26XUg1z8+Gg8uZ/AZjlpXwkPj5Ff7De1VAkJtpfF43tZaw1
         2DA+qMhPcKW/AzU216xRIFiwXt+QUQzJP+RLOjr/7Ruopeia9HwQ7zQzINzVcyAZ
         ncEGs5BAD//qBzRKg2r9EHOy33SVgowhkwIr7XDi9JOjxAX20NOvnGw2Wr26nInB
         L+o1VZu5Io+NLZQAzT1AJOkAEt5h7ucp3lPsgruiNKfSCxJpx574tpZN5UJRacZp
         6eWU/a2bYoMb9SxNLAE3wDn77VpAJe7vyaqZYN7Q/pkv/ltsrXWruWmxU4b3OeBe
         ioO0qKGivcikogz2qOKNO+uiPuheqlRR9Uv3gxIfPI2Hgb/bXKWYsB09L7NMowxz
         /5MGt3+wEMNWIbPbgHXI2EGGdEn4jai8zrXPP+qsbRV6475X2nm5FP7s6UfZ7T+M
         WDkthX4+3gVQN+mc2eUlrULAPjCaQ7aWXzRM7WJJE74kosl4L+/zyGj++tBGQOAH
         9f6RGbn+RpDUXkA0O+lDb0Unzd4M36aieDFu3lTkVZqrORzM+wQAV12xfiLfU833
         ePzUZxPJ7YG0jLFvSMm8SMOb93+1YGSeAWZkdUI0CkD2GLU4FwIDAQABo2QwYjAd
         BgNVHQ4EFgQUZCneQQdNviHC/FwzO7OUarMmo8YwHwYDVR0jBBgwFoAUZCneQQdN
         viHC/FwzO7OUarMmo8YwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGggRNeUNB
         MA0GCSqGSIb3DQEBCwUAA4ICAQCDD4Kzwtl8WgcxXltGPUe3s+9dc14LDKqy1Qz8
         DyI87Z9K3GqQLxtM77cpSXnuKAPh6MJ3B5Q3vO5jGFq6H2WMFDNQNnchF5Kofr1H
         isVFlrTAHqw1sf0kNvmBkWDVD05t1wcWylOoDYrB83w439pDKu+CNVttunfR8EUI
         yUFJqH217xLNpiLHw++SDC8eRiXzNM3kzMu2un6EPB9fe4gQ9+kjnUAm8AdfJjHA
         gmVS2p9nt4TzgljOldc7TJkOaZSDNj7W6Os5EWVtjqqYEasKWZNEaOGgBNw6lqZ3
         qkHlCC7zOMklfvAtK40YsXDJ0OApn4JSowKL4y9dZbtGq4Vl5WoAcy8JQKvkkGvW
         bI9X4BR3bDdTVovMLnznX4arzA1fWrku7gIf0bAT9TiVzxOgUU+vAutCUht/1HFF
         aW88S3lbOa12wLjpaOmnLpnCHwdNYFqBYPHjiY642WZ9rzsGB9p0x+dmPSDaB+1a
         1Nh8bfmx6zRhZudRFdbRb0FCaR1cCqAqAYWGakbN177AX1DXawD0M5a8ENRbru43
         CT1qjJIjkt+MLAr1APJU1rVw4E/iN27j16+h2ktKnd4aLToALHNwE/kBS9ME/oK6
         BCK0z/8HKlughx6OvIuCNwe4SX1smeNJz1kwbeUa15wElYEeCNHii4W2pULEgcXR
         f+I6Sg==
         -----END CERTIFICATE-----
   tlsConfig:
     keyCertSecretRef:
       name: user-app-tls

secret-user-app-tls.yaml

apiVersion: v1
kind: Secret
metadata:
 name: user-app-tls
 namespace: openshift-lightspeed
type: kubernetes.io/tls
data:
 tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZlVENDQTJHZ0F3SUJBZ0lVWU15Wno5RWd4Q0ZsNldmV1BvM1FIVUd2WGQ4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0R6RU5NQXNHQTFVRUF3d0VUWGxEUVRBZUZ3MHlOREE1TVRnd09UUTROREZhRncweU5UQTVNVGd3T1RRNApOREZhTUNBeEhqQWNCZ05WQkFNTUZXeHBaMmgwYzNCbFpXUXRZWEJ3TFhObGNuWmxjakNDQWlJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBSnl1RDRTRWd3T3M4VVBsZDVjYzNtOW9vK3dyam5YNU0yUWsKT3EyTUI5RE1PWlRLdXhOeGsvUGVPczREc3pwSGZVVnpCQWlQdXNVQ0NIdjNwMm1GMUtFSEJQQ1p4elljTnlDbwpBS1A5UWtSYVZSVVUwR0NUM0ZQOVhPNm5Ga1BhS0RCK1Q4Y29zRDB2QVNGMGFSWkh5Z3p4elpQaW9BOG1KaWJOClM2amZ2UEhwWjhubU1HMUtqcFZIVEYyNWJKZjF2dkg1V2l2bkZ4MzkzRWpOU3NUeGlCc2xUQ09PQkdJdnZBemoKZ1pqbENkY1ZxY3l1YUFWTjVHdXRmQnpEbHN5czlyYWgrM3BWZVViNXdYWmR3eFhpZnpWUWllRnFtVEprNnNMeApRQmZLRytpeHlLUStrWDlYOVNHQ0NnRldBeVl5dHZ1LzBTcGlBOStPajZ2dS9va2RaQXZMVDZjTk5uVFAzMmZ1CmQ5U1NTSTNTUkVlb2MyY0MrTDNqOGVralJUblhDd2xUeU9oaXVrY0docXNZWEEyOWdPSHJ1UzF3WDlreGwrYVIKY3pzL3YydE1qWWFkV1VLdGpKdllOa2Qzd0xNcHlsR3k0OHNWTDJXQkN0ZWh6MS9UWG9naWVBRlA3YmNwbzFTNQpnRVkwZVQ4bTF5WXdtVWswd0p3WmQzL1V2WUlKR0loWHRmTU9BbmVjcnQwWWxZeDlwWjd3RmtmMUkrSU5XK09uCm5UWFpZN3F1cEZZNVhYZHNvNVZlMXVQa1NJNW40dHQycTljejY1djZVaXRUNGtXOWo2bDFMakduVGdMV3hBSlgKWmRxc3lSNGx0U0ZxWmd4amorOUI5aFdHMVNGNU10K1NWVHlvYlUwalRsT2pIYVRmZzJPa05lSjd6S0RBSjVxaQpRR0lLd3BZREFnTUJBQUdqZ2Jzd2diZ3dkZ1lEVlIwUkJHOHdiWUlWYkdsbmFIUnpjR1ZsWkMxaGNIQXRjMlZ5CmRtVnlnanhzYVdkb2RITndaV1ZrTFdGd2NDMXpaWEoyWlhJdWIzQmxibk5vYVdaMExXeHBaMmgwYzNCbFpXUXUKYzNaakxtTnNkWE4wWlhJdWJHOWpZV3lIQkg4QUFBR0hFQUFBQUFBQUFBQUFBQUFBQUFBQUFBRXdIUVlEVlIwTwpCQllFRk9TdndwU3pWcUtUMzhncWZ4bXRGV3ozcFc1bU1COEdBMVVkSXdRWU1CYUFGR1FwM2tFSFRiNGh3dnhjCk16dXpsR3F6SnFQR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRRFJ6eE55Ym5JakRkVkJ4VGtLMEZTd2p2SUsKM3FWNUVSSWlkcEI2RkovQzJldjZxTmM3bm9wK3JCakptb3d2RzhNZmFBbzVua0w0MG51YlRBSTZkUEVKRHh3bAppWFBuemNXVzllL29mUFlxVnBhNVV0RUkrWHk4d3VBcG9tTUx6aFVTTC91WSt1THRFUjNxZG41ekNqZEZPdjdmCnZSNlBMcFBYWTY3NWxMdmhRV0pGc3FMZG0rLzI3cjhrK2cxVDRhLzY1bmlXLzJBVXJmMFIyWkZOSU5uYUQ5VVAKYzgrS2xGS3I4NFhWNS9zTEJVWks0SXJRQjlFT2kxcFRzQTRPK2RVa09sVi94R2NwYVZBdnZJcWdyNUdQeWt1Rgp1c1o1MWFPaTZocVJxMm1lcmZTRWpoQWJFMVhsdGxoa3lqV2ZaMlExUzkwMFFPZC8xc2UrNmVWMzNXVnNzcGxxCjFOTWhjOUZqM2RYUndPbzUzTFJ3TlNFWE16RmFzT0k1UGowVnFlTm83bmVQa2l1T3JkZHk5UVhFZ0ZVRXpRSk4KM1Jxc0d3blowMHoza040RFhSWDZwL0RJRVU5d1hEVzhtZWt0R1hIM0JWTFJsUjFKN3ljaEpBdVlINTd2SUZLcwpzb0lqZ3NsSmloM05yVlltYXFxanZmVFcrWklXL0U3R1czN1NhTHU3ZGk5ajVoSENmT3hRWTlEUmlHUHc4UkZyClNlamwwaWRBamZpVkdzVWJUbEIyNkNJdjRhc2ZvdmVXWTFPUStpY2MwTERiMWlzVVQ3VkkrK0kwZWcydzdoMGIKU3FSd3c3SlE1US8rU1VNVzlsNUFPamc2di9PY2ZGcEN5RGZQY3Z4S1NtL2kreXQxSG1xbktmRkNCTnZiTlBDTAp2eGN0OVcvNkZUK0FLWk1FTXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
 tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2NyZytFaElNRHJQRkQKNVhlWEhONXZhS1BzSzQ1MStUTmtKRHF0akFmUXpEbVV5cnNUY1pQejNqck9BN002UjMxRmN3UUlqN3JGQWdoNwo5NmRwaGRTaEJ3VHdtY2MySERjZ3FBQ2ovVUpFV2xVVkZOQmdrOXhUL1Z6dXB4WkQyaWd3ZmsvSEtMQTlMd0VoCmRHa1dSOG9NOGMyVDRxQVBKaVltelV1bzM3eng2V2ZKNWpCdFNvNlZSMHhkdVd5WDliN3grVm9yNXhjZC9keEkKelVyRThZZ2JKVXdqamdSaUw3d000NEdZNVFuWEZhbk1ybWdGVGVScnJYd2N3NWJNclBhMm9mdDZWWGxHK2NGMgpYY01WNG44MVVJbmhhcGt5Wk9yQzhVQVh5aHZvc2Npa1BwRi9WL1VoZ2dvQlZnTW1NcmI3djlFcVlnUGZqbytyCjd2NkpIV1FMeTArbkRUWjB6OTluN25mVWtraU4wa1JIcUhObkF2aTk0L0hwSTBVNTF3c0pVOGpvWXJwSEJvYXIKR0Z3TnZZRGg2N2t0Y0YvWk1aZm1rWE03UDc5clRJMkduVmxDcll5YjJEWkhkOEN6S2NwUnN1UExGUzlsZ1FyWApvYzlmMDE2SUluZ0JUKzIzS2FOVXVZQkdOSGsvSnRjbU1KbEpOTUNjR1hkLzFMMkNDUmlJVjdYekRnSjNuSzdkCkdKV01mYVdlOEJaSDlTUGlEVnZqcDUwMTJXTzZycVJXT1YxM2JLT1ZYdGJqNUVpT1orTGJkcXZYTSt1YitsSXIKVStKRnZZK3BkUzR4cDA0QzFzUUNWMlhhck1rZUpiVWhhbVlNWTQvdlFmWVZodFVoZVRMZmtsVThxRzFOSTA1VApveDJrMzROanBEWGllOHlnd0NlYW9rQmlDc0tXQXdJREFRQUJBb0lDQUFqRUZFb3R2OGJDTTUxcmhvMWJLQ0Z1Ck8vMmRVajNNME5DVzFsR2FEQXM2aklqWlJDNDArZVROck5jL09HcUNVQmZ2OU1IUWlNL2lQK2RGQVREVGlWbnUKWFVXNDFOUjAybFlSWlkwY2xrczNZcHMrQVlxUVplWUNhWTM3VUlaQXBtUlFMTlo2WGFIa0IxbC8wZGFxblpDcgoxcWRNMC9ldnJXTER0RlZMeEo1NW1KSkxOcSs4QkNPRjl3Sjh1cWxRZzlFTFNtZzZhRk5kUGYzZmFTeldTKzhqCmlieFRneHRGNEd6aTJGVmRrSGRnTEQwdlpOSjhlOU1xYnZuaVY0V01COHhLczhTSEU3U2lOSmk5YTRvYlAxSysKOXMwNGZEOFM0UVRzZFNiZmxVQW5uT1RUa0tzTW1NSmtnWHJNVW50elN1N2xoSHV0T3RvL0lrLys4Y1FVeU9GcApvWnVzVjFBYmNrM2p1WnhHUEZXTnlmN2xrcnpOb1czaHdNalNNNDM5V0RBYzZtUXFHeEZ4VlBFcWgwZld5QWFUCm1GTXhWUCtHeXZNVjJqRGszaHpKVDFCRzFsY0o4bWZ1eHNoMlFwUkdMK1ViSkF2UVhFNk40YVViSXdPN1MzdmQKRld3WnVrTnJ0cFZEK2t6Qm90T3Q5bXNrekhBSkIza0xEQ2xlWlVPMWI3MjBQTDlYUnJvWW5DamlTbitQRU92agpnN0ZkU0R0bzkzWG5vbVgzUEpqRXBMTHBxMWd6QWpsZG5UQUlCYnU5bWc4T0VKVjh0c2hLekEyZThuV295a2hrCnJTNlJvbktHUlJRdnMwWUVqb1BmWTF2RGJKdVZHSVN0MjZua3ZyVHdaT1AyUXNNa29HcFRhSWpYTWwyOUtMdEsKbW9iSVZ3RlNvR2hvVi9BL3hVaUJBb0lCQVFETWpBd3o5cVI4QXZwL1VTWjVPdjNjRVh6MHFMbStXMnlzWnZlTQpGSWZUT2lnRUduWmhrYVd0b2hPdksvdVg5RHFzL1Y0a0lYdHNTTVpTLzd3TVFxdUkrY2ZpQUJjbHlBQWVwVlpICkwrUjR5Z0dSTEVDd1hBdVhnWGVocU11Z2J1Y2JUc1J2NnVpWWZZNjdoSnlCeXlud0loVkx6VS91bUtBUTV1S00KNmZlMlZseURoam80RFo0QTVBQnBKbUJYM0VQYTIwTWVjb0tCK2tCd3JlSk1wMVpZa2ZEVGN5Q001V0tkdmc1TgpVS1FsR2wyL2JDT0pUeUNzMlYwQVVjbnBkcllWTE1sanNsU2dOZERadDJNaDFZVGV5U3N4WG5BZGNjL2FwcjBqCnVFK25uK1dMMlVKcEVETU13M1dWVzRyNkZyTzVjekFnWkJwcDNsbEN4ZDZXZ1RESkFvSUJBUURFRjVNc0UrL0oKTEdSeTZONGt2V3ovV2s2OFBmR1NNSWNzZHdkYUFOVlRvUVhScGM0NUVSd2JNWDhPMjhCY3F5OTJxalVHQ2l6cApvTHFJWG91OXRCMmowMzZnMGlaN3dHR050NGp5dWlZa3M0LzNYNHl4Vm4rOWxYUlZPalQ5N2ROeGtUc1NsSm1sCmZOYVIxMzRLOVpQeXltWlFFUlVCZlV3YUV6RWQyRHZ3TnJBY3ovWCtyZEdtSjNudVVGTERvcHdmZi9BYXVWU3AKaDFNNE40dlpRNDlCOUhPcGIxUXlQUTRXZUNNOGREVSsxejhtYkxJdDhaYnU5ZVFXSG1ldUh0TnNwaU5GOVNFNQpNSTcrTDBjbHVYcmp2WkdWV1ptTVpPOGNFWXpjcGJ0YWVla01oL3M0bVUvUVZxQkNtSnhCc1B3RXlzcTdvZkJZCnhabGlidTNJeEtKckFvSUJBUUNDT1hkYmJkOXloSUx1bzcrVzF4UGdFOUkyQVdXZjU1emNkZ0dNVVZYWUNPS0oKR2ovY0Jsb3duVXRpN3VHUzhJNmFyQVJQaEhHTGt4bVFwZmdXNWl0SFhaOEFKNGFWS3l2SVZ3TUM5MTdCOS9uZgpid2tRUHNteWYxNm1zVXhTcThpKy9mcmFOZmczZlZodDBoUENIcEpvcTRwYlpDOUxmQ2dNR3JLSmZEdVUvbzZQCnZkazY3cEIxaUxNcVBxQi96MS96Nmp4bEdnbzByaHB3b29POHdaeWJidTZmOEYvODA5MWhDQ3NhMWdockJzcEEKb0p4UFF1MU9ubVF6Vzk3c29BTjBuN3JubWhWK21rU0pGOVFwS2tNWmc0SFlRSU9vZTFrVm42b3pINWkyNDNuRQorMkRvZXNQRmtIcy94N1JIWEVTNEFMblhKV1FibXMvQlR6QlRLWlRoQW9JQkFBcVNMc2ZvaHp1MEhmSW41Wm5iCmNGM1BzNERvWWZaOGtUenZhY0VMWEhTMnNJYWR4cUZDNzkzemJDTVQ2Nm5UUEtyTUFESEVLS21ybFlLMmZoZ0sKOXJJWE83TlZ3T2RZOXFsYUpKTFpRQ2NvV3ZGK0FDcXJQQld2VWVjcVRTTUhTQ2ZPS1g0VjdyYUNKVnNWWCtFZApYZzF2cGRaWkpXWEFLSE1iWjhGeEg4SVNZS29jOStqejIrSjJMRmVSa3ZTaTlvR29OdnhwMDB1VVZRTXAwMnN4Ci9pNFRESTBzeUVBeEZHcFhyYWFicVNjckdXZHI0cXNoWS82YjJPRHNZTEI5VHU2RGdsRktKckZia2NuWUtLQzcKQUFuNDlUazA3RmNxTmMyd2tJUndsc29JMm14bmhENkgzVXFnOE9ER00xNURPVUxVMzlyL251SmFQS3VXeVZEUwpjT01DZ2dFQVlaVG5IZWVXNHp1dkpvdXVTQTltbFMyNkRyaUJYOWhhYSt0SGw1SmVDVDRwTk5FL3lYd3Zib3BuCk1tcnJnQWxiejhVamEwY2NXT2ZRZ2k1SVpoWXkrWFkwQ1Z1Q3p1cGpmY3kwR0dUVzRQclpkSkFZNGVacStkZUIKRThCY3E0Rm5kZmlkMVZZVVUyRG1WT0lqbGxjYUpYOXZGSUJIOGRTSTJjRjBYQ1FKNFQ3QmMwc3d2Qk9GS0V2NAoxU2Z5U0o3dVVRVmo5S2c3blU2TklUVDUwMEE0NEQ2U0xScU1QY01IK1FQcmdZS242Nks1VzFUWkx5RGpBZVFBCnNkQWFncWwyZ1BLeGlTM1c5STBUdVZiSXNrSDBXM2tTQUI2WjF2Q1dzY1I4Rmxza0U4VjhrOWxtQXdhMlJLSEcKWFg0K3RFVkMzSmFEYjRYUXVGeTk3RGN3VGlVdFpRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot · 2024-09-18T10:51:47Z

@raptorsun: This pull request references OLS-385 which is a valid jira issue.

In response to this:

Description

User can provide TLS key and certificates for the communication between console proxy and the application HTTPS endpoint:

CA certificate for the console proxy to authenticate application HTTPS endpoint .spec.ols.deployment.console.caCertificate
key and certificate issued by the CA mentioned above, used by the application HTTPS endpoint .spec.ols.tlsConfig

Type of change

Related Tickets & Documents

Related Issue #
Closes # OLS-385

Checklist before requesting a review

I have performed a self-review of my code.
PR has passed all pre-merge test jobs.
If it is a core feature, I have added thorough tests.

Testing

olsconfig.yaml

apiVersion: ols.openshift.io/v1alpha1
kind: OLSConfig
metadata:
 name: cluster
spec:
 llm:
   providers:
     - type: openai
       credentialsSecretRef:
         name: openai-key
       models:
         - name: gpt-3.5-turbo
         - name: gpt-4-turbo
       name: openai
       url: https://api.openai.com/v1
 ols:
   defaultModel: gpt-4-turbo
   defaultProvider: openai
   logLevel: INFO
   deployment:
     replicas: 1
     console:
       caCertificate: |
         -----BEGIN CERTIFICATE-----
         MIIFEDCCAvigAwIBAgIUQ3cTd7CGbuQ90mfXLWsP9xzZwZAwDQYJKoZIhvcNAQEL
         BQAwDzENMAsGA1UEAwwETXlDQTAeFw0yNDA5MTgwOTQ4NDBaFw0yNTA5MTgwOTQ4
         NDBaMA8xDTALBgNVBAMMBE15Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
         AoICAQDxdE4G/zfKbqAo9RE37iFr6yebojh0dRZjSeAfOXZLWxnaNeGvnxBSOyxD
         8GZ3qZtqAB0g3wWes26XUg1z8+Gg8uZ/AZjlpXwkPj5Ff7De1VAkJtpfF43tZaw1
         2DA+qMhPcKW/AzU216xRIFiwXt+QUQzJP+RLOjr/7Ruopeia9HwQ7zQzINzVcyAZ
         ncEGs5BAD//qBzRKg2r9EHOy33SVgowhkwIr7XDi9JOjxAX20NOvnGw2Wr26nInB
         L+o1VZu5Io+NLZQAzT1AJOkAEt5h7ucp3lPsgruiNKfSCxJpx574tpZN5UJRacZp
         6eWU/a2bYoMb9SxNLAE3wDn77VpAJe7vyaqZYN7Q/pkv/ltsrXWruWmxU4b3OeBe
         ioO0qKGivcikogz2qOKNO+uiPuheqlRR9Uv3gxIfPI2Hgb/bXKWYsB09L7NMowxz
         /5MGt3+wEMNWIbPbgHXI2EGGdEn4jai8zrXPP+qsbRV6475X2nm5FP7s6UfZ7T+M
         WDkthX4+3gVQN+mc2eUlrULAPjCaQ7aWXzRM7WJJE74kosl4L+/zyGj++tBGQOAH
         9f6RGbn+RpDUXkA0O+lDb0Unzd4M36aieDFu3lTkVZqrORzM+wQAV12xfiLfU833
         ePzUZxPJ7YG0jLFvSMm8SMOb93+1YGSeAWZkdUI0CkD2GLU4FwIDAQABo2QwYjAd
         BgNVHQ4EFgQUZCneQQdNviHC/FwzO7OUarMmo8YwHwYDVR0jBBgwFoAUZCneQQdN
         viHC/FwzO7OUarMmo8YwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHREECDAGggRNeUNB
         MA0GCSqGSIb3DQEBCwUAA4ICAQCDD4Kzwtl8WgcxXltGPUe3s+9dc14LDKqy1Qz8
         DyI87Z9K3GqQLxtM77cpSXnuKAPh6MJ3B5Q3vO5jGFq6H2WMFDNQNnchF5Kofr1H
         isVFlrTAHqw1sf0kNvmBkWDVD05t1wcWylOoDYrB83w439pDKu+CNVttunfR8EUI
         yUFJqH217xLNpiLHw++SDC8eRiXzNM3kzMu2un6EPB9fe4gQ9+kjnUAm8AdfJjHA
         gmVS2p9nt4TzgljOldc7TJkOaZSDNj7W6Os5EWVtjqqYEasKWZNEaOGgBNw6lqZ3
         qkHlCC7zOMklfvAtK40YsXDJ0OApn4JSowKL4y9dZbtGq4Vl5WoAcy8JQKvkkGvW
         bI9X4BR3bDdTVovMLnznX4arzA1fWrku7gIf0bAT9TiVzxOgUU+vAutCUht/1HFF
         aW88S3lbOa12wLjpaOmnLpnCHwdNYFqBYPHjiY642WZ9rzsGB9p0x+dmPSDaB+1a
         1Nh8bfmx6zRhZudRFdbRb0FCaR1cCqAqAYWGakbN177AX1DXawD0M5a8ENRbru43
         CT1qjJIjkt+MLAr1APJU1rVw4E/iN27j16+h2ktKnd4aLToALHNwE/kBS9ME/oK6
         BCK0z/8HKlughx6OvIuCNwe4SX1smeNJz1kwbeUa15wElYEeCNHii4W2pULEgcXR
         f+I6Sg==
         -----END CERTIFICATE-----
   tlsConfig:
     keyCertSecretRef:
       name: user-app-tls

secret-user-app-tls.yaml

apiVersion: v1
kind: Secret
metadata:
 name: user-app-tls
 namespace: openshift-lightspeed
type: kubernetes.io/tls
data:
 tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZlVENDQTJHZ0F3SUJBZ0lVWU15Wno5RWd4Q0ZsNldmV1BvM1FIVUd2WGQ4d0RRWUpLb1pJaHZjTkFRRUwKQlFBd0R6RU5NQXNHQTFVRUF3d0VUWGxEUVRBZUZ3MHlOREE1TVRnd09UUTROREZhRncweU5UQTVNVGd3T1RRNApOREZhTUNBeEhqQWNCZ05WQkFNTUZXeHBaMmgwYzNCbFpXUXRZWEJ3TFhObGNuWmxjakNDQWlJd0RRWUpLb1pJCmh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBSnl1RDRTRWd3T3M4VVBsZDVjYzNtOW9vK3dyam5YNU0yUWsKT3EyTUI5RE1PWlRLdXhOeGsvUGVPczREc3pwSGZVVnpCQWlQdXNVQ0NIdjNwMm1GMUtFSEJQQ1p4elljTnlDbwpBS1A5UWtSYVZSVVUwR0NUM0ZQOVhPNm5Ga1BhS0RCK1Q4Y29zRDB2QVNGMGFSWkh5Z3p4elpQaW9BOG1KaWJOClM2amZ2UEhwWjhubU1HMUtqcFZIVEYyNWJKZjF2dkg1V2l2bkZ4MzkzRWpOU3NUeGlCc2xUQ09PQkdJdnZBemoKZ1pqbENkY1ZxY3l1YUFWTjVHdXRmQnpEbHN5czlyYWgrM3BWZVViNXdYWmR3eFhpZnpWUWllRnFtVEprNnNMeApRQmZLRytpeHlLUStrWDlYOVNHQ0NnRldBeVl5dHZ1LzBTcGlBOStPajZ2dS9va2RaQXZMVDZjTk5uVFAzMmZ1CmQ5U1NTSTNTUkVlb2MyY0MrTDNqOGVralJUblhDd2xUeU9oaXVrY0docXNZWEEyOWdPSHJ1UzF3WDlreGwrYVIKY3pzL3YydE1qWWFkV1VLdGpKdllOa2Qzd0xNcHlsR3k0OHNWTDJXQkN0ZWh6MS9UWG9naWVBRlA3YmNwbzFTNQpnRVkwZVQ4bTF5WXdtVWswd0p3WmQzL1V2WUlKR0loWHRmTU9BbmVjcnQwWWxZeDlwWjd3RmtmMUkrSU5XK09uCm5UWFpZN3F1cEZZNVhYZHNvNVZlMXVQa1NJNW40dHQycTljejY1djZVaXRUNGtXOWo2bDFMakduVGdMV3hBSlgKWmRxc3lSNGx0U0ZxWmd4amorOUI5aFdHMVNGNU10K1NWVHlvYlUwalRsT2pIYVRmZzJPa05lSjd6S0RBSjVxaQpRR0lLd3BZREFnTUJBQUdqZ2Jzd2diZ3dkZ1lEVlIwUkJHOHdiWUlWYkdsbmFIUnpjR1ZsWkMxaGNIQXRjMlZ5CmRtVnlnanhzYVdkb2RITndaV1ZrTFdGd2NDMXpaWEoyWlhJdWIzQmxibk5vYVdaMExXeHBaMmgwYzNCbFpXUXUKYzNaakxtTnNkWE4wWlhJdWJHOWpZV3lIQkg4QUFBR0hFQUFBQUFBQUFBQUFBQUFBQUFBQUFBRXdIUVlEVlIwTwpCQllFRk9TdndwU3pWcUtUMzhncWZ4bXRGV3ozcFc1bU1COEdBMVVkSXdRWU1CYUFGR1FwM2tFSFRiNGh3dnhjCk16dXpsR3F6SnFQR01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRRFJ6eE55Ym5JakRkVkJ4VGtLMEZTd2p2SUsKM3FWNUVSSWlkcEI2RkovQzJldjZxTmM3bm9wK3JCakptb3d2RzhNZmFBbzVua0w0MG51YlRBSTZkUEVKRHh3bAppWFBuemNXVzllL29mUFlxVnBhNVV0RUkrWHk4d3VBcG9tTUx6aFVTTC91WSt1THRFUjNxZG41ekNqZEZPdjdmCnZSNlBMcFBYWTY3NWxMdmhRV0pGc3FMZG0rLzI3cjhrK2cxVDRhLzY1bmlXLzJBVXJmMFIyWkZOSU5uYUQ5VVAKYzgrS2xGS3I4NFhWNS9zTEJVWks0SXJRQjlFT2kxcFRzQTRPK2RVa09sVi94R2NwYVZBdnZJcWdyNUdQeWt1Rgp1c1o1MWFPaTZocVJxMm1lcmZTRWpoQWJFMVhsdGxoa3lqV2ZaMlExUzkwMFFPZC8xc2UrNmVWMzNXVnNzcGxxCjFOTWhjOUZqM2RYUndPbzUzTFJ3TlNFWE16RmFzT0k1UGowVnFlTm83bmVQa2l1T3JkZHk5UVhFZ0ZVRXpRSk4KM1Jxc0d3blowMHoza040RFhSWDZwL0RJRVU5d1hEVzhtZWt0R1hIM0JWTFJsUjFKN3ljaEpBdVlINTd2SUZLcwpzb0lqZ3NsSmloM05yVlltYXFxanZmVFcrWklXL0U3R1czN1NhTHU3ZGk5ajVoSENmT3hRWTlEUmlHUHc4UkZyClNlamwwaWRBamZpVkdzVWJUbEIyNkNJdjRhc2ZvdmVXWTFPUStpY2MwTERiMWlzVVQ3VkkrK0kwZWcydzdoMGIKU3FSd3c3SlE1US8rU1VNVzlsNUFPamc2di9PY2ZGcEN5RGZQY3Z4S1NtL2kreXQxSG1xbktmRkNCTnZiTlBDTAp2eGN0OVcvNkZUK0FLWk1FTXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
 tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ2NyZytFaElNRHJQRkQKNVhlWEhONXZhS1BzSzQ1MStUTmtKRHF0akFmUXpEbVV5cnNUY1pQejNqck9BN002UjMxRmN3UUlqN3JGQWdoNwo5NmRwaGRTaEJ3VHdtY2MySERjZ3FBQ2ovVUpFV2xVVkZOQmdrOXhUL1Z6dXB4WkQyaWd3ZmsvSEtMQTlMd0VoCmRHa1dSOG9NOGMyVDRxQVBKaVltelV1bzM3eng2V2ZKNWpCdFNvNlZSMHhkdVd5WDliN3grVm9yNXhjZC9keEkKelVyRThZZ2JKVXdqamdSaUw3d000NEdZNVFuWEZhbk1ybWdGVGVScnJYd2N3NWJNclBhMm9mdDZWWGxHK2NGMgpYY01WNG44MVVJbmhhcGt5Wk9yQzhVQVh5aHZvc2Npa1BwRi9WL1VoZ2dvQlZnTW1NcmI3djlFcVlnUGZqbytyCjd2NkpIV1FMeTArbkRUWjB6OTluN25mVWtraU4wa1JIcUhObkF2aTk0L0hwSTBVNTF3c0pVOGpvWXJwSEJvYXIKR0Z3TnZZRGg2N2t0Y0YvWk1aZm1rWE03UDc5clRJMkduVmxDcll5YjJEWkhkOEN6S2NwUnN1UExGUzlsZ1FyWApvYzlmMDE2SUluZ0JUKzIzS2FOVXVZQkdOSGsvSnRjbU1KbEpOTUNjR1hkLzFMMkNDUmlJVjdYekRnSjNuSzdkCkdKV01mYVdlOEJaSDlTUGlEVnZqcDUwMTJXTzZycVJXT1YxM2JLT1ZYdGJqNUVpT1orTGJkcXZYTSt1YitsSXIKVStKRnZZK3BkUzR4cDA0QzFzUUNWMlhhck1rZUpiVWhhbVlNWTQvdlFmWVZodFVoZVRMZmtsVThxRzFOSTA1VApveDJrMzROanBEWGllOHlnd0NlYW9rQmlDc0tXQXdJREFRQUJBb0lDQUFqRUZFb3R2OGJDTTUxcmhvMWJLQ0Z1Ck8vMmRVajNNME5DVzFsR2FEQXM2aklqWlJDNDArZVROck5jL09HcUNVQmZ2OU1IUWlNL2lQK2RGQVREVGlWbnUKWFVXNDFOUjAybFlSWlkwY2xrczNZcHMrQVlxUVplWUNhWTM3VUlaQXBtUlFMTlo2WGFIa0IxbC8wZGFxblpDcgoxcWRNMC9ldnJXTER0RlZMeEo1NW1KSkxOcSs4QkNPRjl3Sjh1cWxRZzlFTFNtZzZhRk5kUGYzZmFTeldTKzhqCmlieFRneHRGNEd6aTJGVmRrSGRnTEQwdlpOSjhlOU1xYnZuaVY0V01COHhLczhTSEU3U2lOSmk5YTRvYlAxSysKOXMwNGZEOFM0UVRzZFNiZmxVQW5uT1RUa0tzTW1NSmtnWHJNVW50elN1N2xoSHV0T3RvL0lrLys4Y1FVeU9GcApvWnVzVjFBYmNrM2p1WnhHUEZXTnlmN2xrcnpOb1czaHdNalNNNDM5V0RBYzZtUXFHeEZ4VlBFcWgwZld5QWFUCm1GTXhWUCtHeXZNVjJqRGszaHpKVDFCRzFsY0o4bWZ1eHNoMlFwUkdMK1ViSkF2UVhFNk40YVViSXdPN1MzdmQKRld3WnVrTnJ0cFZEK2t6Qm90T3Q5bXNrekhBSkIza0xEQ2xlWlVPMWI3MjBQTDlYUnJvWW5DamlTbitQRU92agpnN0ZkU0R0bzkzWG5vbVgzUEpqRXBMTHBxMWd6QWpsZG5UQUlCYnU5bWc4T0VKVjh0c2hLekEyZThuV295a2hrCnJTNlJvbktHUlJRdnMwWUVqb1BmWTF2RGJKdVZHSVN0MjZua3ZyVHdaT1AyUXNNa29HcFRhSWpYTWwyOUtMdEsKbW9iSVZ3RlNvR2hvVi9BL3hVaUJBb0lCQVFETWpBd3o5cVI4QXZwL1VTWjVPdjNjRVh6MHFMbStXMnlzWnZlTQpGSWZUT2lnRUduWmhrYVd0b2hPdksvdVg5RHFzL1Y0a0lYdHNTTVpTLzd3TVFxdUkrY2ZpQUJjbHlBQWVwVlpICkwrUjR5Z0dSTEVDd1hBdVhnWGVocU11Z2J1Y2JUc1J2NnVpWWZZNjdoSnlCeXlud0loVkx6VS91bUtBUTV1S00KNmZlMlZseURoam80RFo0QTVBQnBKbUJYM0VQYTIwTWVjb0tCK2tCd3JlSk1wMVpZa2ZEVGN5Q001V0tkdmc1TgpVS1FsR2wyL2JDT0pUeUNzMlYwQVVjbnBkcllWTE1sanNsU2dOZERadDJNaDFZVGV5U3N4WG5BZGNjL2FwcjBqCnVFK25uK1dMMlVKcEVETU13M1dWVzRyNkZyTzVjekFnWkJwcDNsbEN4ZDZXZ1RESkFvSUJBUURFRjVNc0UrL0oKTEdSeTZONGt2V3ovV2s2OFBmR1NNSWNzZHdkYUFOVlRvUVhScGM0NUVSd2JNWDhPMjhCY3F5OTJxalVHQ2l6cApvTHFJWG91OXRCMmowMzZnMGlaN3dHR050NGp5dWlZa3M0LzNYNHl4Vm4rOWxYUlZPalQ5N2ROeGtUc1NsSm1sCmZOYVIxMzRLOVpQeXltWlFFUlVCZlV3YUV6RWQyRHZ3TnJBY3ovWCtyZEdtSjNudVVGTERvcHdmZi9BYXVWU3AKaDFNNE40dlpRNDlCOUhPcGIxUXlQUTRXZUNNOGREVSsxejhtYkxJdDhaYnU5ZVFXSG1ldUh0TnNwaU5GOVNFNQpNSTcrTDBjbHVYcmp2WkdWV1ptTVpPOGNFWXpjcGJ0YWVla01oL3M0bVUvUVZxQkNtSnhCc1B3RXlzcTdvZkJZCnhabGlidTNJeEtKckFvSUJBUUNDT1hkYmJkOXloSUx1bzcrVzF4UGdFOUkyQVdXZjU1emNkZ0dNVVZYWUNPS0oKR2ovY0Jsb3duVXRpN3VHUzhJNmFyQVJQaEhHTGt4bVFwZmdXNWl0SFhaOEFKNGFWS3l2SVZ3TUM5MTdCOS9uZgpid2tRUHNteWYxNm1zVXhTcThpKy9mcmFOZmczZlZodDBoUENIcEpvcTRwYlpDOUxmQ2dNR3JLSmZEdVUvbzZQCnZkazY3cEIxaUxNcVBxQi96MS96Nmp4bEdnbzByaHB3b29POHdaeWJidTZmOEYvODA5MWhDQ3NhMWdockJzcEEKb0p4UFF1MU9ubVF6Vzk3c29BTjBuN3JubWhWK21rU0pGOVFwS2tNWmc0SFlRSU9vZTFrVm42b3pINWkyNDNuRQorMkRvZXNQRmtIcy94N1JIWEVTNEFMblhKV1FibXMvQlR6QlRLWlRoQW9JQkFBcVNMc2ZvaHp1MEhmSW41Wm5iCmNGM1BzNERvWWZaOGtUenZhY0VMWEhTMnNJYWR4cUZDNzkzemJDTVQ2Nm5UUEtyTUFESEVLS21ybFlLMmZoZ0sKOXJJWE83TlZ3T2RZOXFsYUpKTFpRQ2NvV3ZGK0FDcXJQQld2VWVjcVRTTUhTQ2ZPS1g0VjdyYUNKVnNWWCtFZApYZzF2cGRaWkpXWEFLSE1iWjhGeEg4SVNZS29jOStqejIrSjJMRmVSa3ZTaTlvR29OdnhwMDB1VVZRTXAwMnN4Ci9pNFRESTBzeUVBeEZHcFhyYWFicVNjckdXZHI0cXNoWS82YjJPRHNZTEI5VHU2RGdsRktKckZia2NuWUtLQzcKQUFuNDlUazA3RmNxTmMyd2tJUndsc29JMm14bmhENkgzVXFnOE9ER00xNURPVUxVMzlyL251SmFQS3VXeVZEUwpjT01DZ2dFQVlaVG5IZWVXNHp1dkpvdXVTQTltbFMyNkRyaUJYOWhhYSt0SGw1SmVDVDRwTk5FL3lYd3Zib3BuCk1tcnJnQWxiejhVamEwY2NXT2ZRZ2k1SVpoWXkrWFkwQ1Z1Q3p1cGpmY3kwR0dUVzRQclpkSkFZNGVacStkZUIKRThCY3E0Rm5kZmlkMVZZVVUyRG1WT0lqbGxjYUpYOXZGSUJIOGRTSTJjRjBYQ1FKNFQ3QmMwc3d2Qk9GS0V2NAoxU2Z5U0o3dVVRVmo5S2c3blU2TklUVDUwMEE0NEQ2U0xScU1QY01IK1FQcmdZS242Nks1VzFUWkx5RGpBZVFBCnNkQWFncWwyZ1BLeGlTM1c5STBUdVZiSXNrSDBXM2tTQUI2WjF2Q1dzY1I4Rmxza0U4VjhrOWxtQXdhMlJLSEcKWFg0K3RFVkMzSmFEYjRYUXVGeTk3RGN3VGlVdFpRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=

Send query from UI chatbox, works just as perfect as using the default TLS credentials provided by service-ca operator.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

raptorsun · 2024-09-19T08:00:10Z

/test bundle-e2e-4-16

raptorsun · 2024-09-19T13:55:42Z

/test bundle-e2e-4-16

Signed-off-by: Haoyu Sun <[email protected]>

raptorsun · 2024-09-26T07:59:33Z

/test bundle-e2e-4-15

openshift-ci · 2024-09-26T13:56:32Z

@raptorsun: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/bundle-e2e-4-17	`cb520d6`	link	true	`/test bundle-e2e-4-17`

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

syedriko · 2024-10-02T18:20:57Z

/lgtm

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Sep 16, 2024

openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Sep 16, 2024

openshift-ci bot requested review from bparees and vbelouso September 16, 2024 16:52

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 17, 2024

raptorsun force-pushed the user-provided-certs branch from ee6fd91 to 419bba2 Compare September 17, 2024 17:12

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 17, 2024

raptorsun changed the title ~~[WIP] OLS-385: User provided certs~~ OLS-385: User provided certs Sep 18, 2024

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 18, 2024

raptorsun force-pushed the user-provided-certs branch from 419bba2 to bf5cab2 Compare September 18, 2024 10:41

openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Sep 18, 2024

raptorsun mentioned this pull request Sep 20, 2024

add support for providing custom certs for OLS and Custom ca for UI #264

Closed

11 tasks

Nimer Naamneh and others added 2 commits September 25, 2024 17:39

add support for providing custom certs for OLS and Custom ca for UI

97b1945

customizable TLS key and cert on application HTTPS endpoint

cb520d6

Signed-off-by: Haoyu Sun <[email protected]>

raptorsun force-pushed the user-provided-certs branch from bf5cab2 to cb520d6 Compare September 25, 2024 15:47

openshift-ci bot assigned syedriko Oct 2, 2024

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Oct 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

OLS-385: User provided certs #411

OLS-385: User provided certs #411

raptorsun commented Sep 16, 2024 •

edited

Loading

openshift-ci-robot commented Sep 16, 2024 •

edited by openshift-ci bot

Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

raptorsun commented Sep 16, 2024

openshift-ci bot commented Sep 16, 2024

raptorsun commented Sep 18, 2024

openshift-ci-robot commented Sep 18, 2024 •

edited by openshift-ci bot

Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

openshift-ci-robot commented Sep 18, 2024 •

edited by openshift-ci bot

Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

raptorsun commented Sep 19, 2024

raptorsun commented Sep 19, 2024

raptorsun commented Sep 26, 2024

openshift-ci bot commented Sep 26, 2024

syedriko commented Oct 2, 2024

OLS-385: User provided certs #411

Are you sure you want to change the base?

OLS-385: User provided certs #411

Conversation

raptorsun commented Sep 16, 2024 • edited Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

openshift-ci-robot commented Sep 16, 2024 • edited by openshift-ci bot Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

raptorsun commented Sep 16, 2024

openshift-ci bot commented Sep 16, 2024

raptorsun commented Sep 18, 2024

openshift-ci-robot commented Sep 18, 2024 • edited by openshift-ci bot Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

openshift-ci-robot commented Sep 18, 2024 • edited by openshift-ci bot Loading

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

raptorsun commented Sep 19, 2024

raptorsun commented Sep 19, 2024

raptorsun commented Sep 26, 2024

openshift-ci bot commented Sep 26, 2024

syedriko commented Oct 2, 2024

raptorsun commented Sep 16, 2024 •

edited

Loading

openshift-ci-robot commented Sep 16, 2024 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Sep 18, 2024 •

edited by openshift-ci bot

Loading

openshift-ci-robot commented Sep 18, 2024 •

edited by openshift-ci bot

Loading