UNCLASSIFIED - NO CUI

Skip to content

fix: Updates dev-sso-values.yaml with corrected certs for both test domains

Christopher Kyle Galloway requested to merge fix/dev-sso-certs into master

Description

The certificate values for the certificate authorities in dev-sso-values.yaml were not correct. They haven't been working since at least this commit on March 25 (but possibly also before).

This fixes the uncommented certs to be the correct ones for logging into *.dso.mil and the commented certs to be the correct ones for logging into *.dev.bigbang.mil (matching the certs in ingress-certs.yaml).

These have been tested and verified.

Deeper description

The only app that seems to fail if this cert is used, but incorrect is Kiali. This is because Kiali uses its own way of gathering CA certs with a hardcoded path of /kiali-cabundle/openid-server-ca.crt that is created when the cert is passed in as a ConfigMap to kiali. This meant that when curling the endpoint, we didn't see the error, but when hitting it via Kiali's internal golang httpclient, we did.

Edited by Christopher Kyle Galloway

Merge request reports

Loading