This repository was archived by the owner on Aug 5, 2025. It is now read-only.

Platform Wildcard Certificates #655

@jefkel

This EPIC is to track outstanding certificate requests and provide a summary view.

Artifactory

The Artifactory repository service has been launched with the artifacts.developer.gov.bc.ca service name. There is an additional requirement to provide proxied image-registry service names with a naming convention of {image-repo}.artifacts.developer.gov.bc.ca. This requires a wildcard certificate for the proxied services.
A request for the following wildcard certificate was made, and has been rejected. An exception process is underway.

  • *.artifacts.developer.gov.bc.ca - proxied repository names

See the following project tickets:
#651
bcgov/developer-experience#96

OCP 4

API and wildcard certificates are required for the OCP 4 platform. Currently we have identified the following names (and certificate requirements) for 3 of the OCP 4 clusters. (Note: if names are required to change, we need to adjust ASAP, as we are already rolling with these names and will need to change some existing work.) Requests have been made and are pending additional information to be sent; however, it is expected that the requests will be rejected and will require some sort of exemption.

Kamloops Operations Lab

  • *.apps.cowichan.devops.gov.bc.ca - wildcard for application proxy service
  • api.cowichan.devops.gov.bc.ca - api endpoint for automation and tool access

Calgary Operations Lab

  • *.apps.thetis.devops.gov.bc.ca - wildcard for application proxy service
  • api.thetis.devops.gov.bc.ca - api endpoint for automation and tool access

Kamloops Developer-Prod-1

  • *.apps.pacific.devops.gov.bc.ca - wildcard for application proxy service
  • api.pacific.devops.gov.bc.ca - api endpoint for automation and tool access

See the following project ticket:
https://app.zenhub.com/workspaces/openshift-4-build-out-5db73142897668000144f22b/issues/bcdevops/openshift4-rollout/176

KeyCloak (SSO)

The KeyCloak SSO service is being re-branded to leverage its own service name instead of the sso.pathfinder.gov.bc.ca service name. The name of the new service is oidc.gov.bc.ca. A wildcard certificate for *.oidc.gov.bc.ca was requested and rejected. The following is an idea for modifying our certificate request to specific DNS names (which may be easier to get approval for):

  • oidc.gov.bc.ca (possibly prod.oidc.gov.bc.ca as well?)
  • test.oidc.gov.bc.ca
  • dev.oidc.gov.bc.ca

In order to develop and test new features for integration into the service, the following is an idea for a wildcard service name:

  • *.sandbox.oidc.gov.bc.ca

See the following project ticket:
Create DNS record + SSL Cert for new KC SSO developer-experience#138
