openshift/service-ca-operator

OpenShift Service CA Operator

Controller to mint and manage serving certificates for Kubernetes services. This is an OpenShift ClusterOperator that manages a cluster-scoped certificate authority for automatic TLS provisioning.

The operator runs three controllers:

  • Serving cert signer — Issues signed TLS certificates for Services annotated with service.beta.openshift.io/serving-cert-secret-name. See the OKD documentation for usage.
  • ConfigMap CA bundle injector — Injects the CA bundle into ConfigMaps annotated with service.beta.openshift.io/inject-cabundle=true (key: service-ca.crt)
  • Generic CA bundle injector — Injects the CA bundle into APIServices, MutatingWebhookConfigurations, ValidatingWebhookConfigurations, and CRDs annotated with the same annotation
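What a client does with the two artifacts above (the injected CA bundle and a Service's serving certificate), shown as an added example that is not code from this repository. It assumes the serving certificate names the Service as `<service>.<namespace>.svc`; the function names are hypothetical, and `Constructed` builds a throwaway CA that stands in for the operator's CA so the block runs offline.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyServingCert checks certPEM against bundlePEM (the service-ca.crt value) for <service>.<namespace>.svc (assumed form).
func VerifyServingCert(bundlePEM, certPEM []byte, service, namespace string) error {
	roots := x509.NewCertPool()
	block, _ := pem.Decode(certPEM)
	if block == nil || !roots.AppendCertsFromPEM(bundlePEM) {
		return fmt.Errorf("need a PEM certificate and a non-empty PEM CA bundle")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: service + "." + namespace + ".svc"})
	return err
}

// Constructed returns throwaway test material (not the operator's CA): a CA bundle and a leaf for dnsName, both PEM.
func Constructed(dnsName string) (bundle, leaf []byte) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	srv := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: []string{dnsName}, NotBefore: nb, NotAfter: na,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	enc := func(tmpl *x509.Certificate, pub ed25519.PublicKey) []byte {
		der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, pub, caKey)
		if err != nil {
			panic(err)
		}
		return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	}
	return enc(ca, caPub), enc(srv, leafPub)
}

func main() {
	bundle, leaf := Constructed("web.demo.svc")
	fmt.Println(VerifyServingCert(bundle, leaf, "web", "demo"), VerifyServingCert(bundle, leaf, "db", "demo"))
}
```

A client that skips this check, or verifies against the system trust store instead of the injected bundle, gets no assurance that it is talking to the intended Service.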

Quick Start

Prerequisites

  • Go 1.25+
  • For e2e tests: access to an OpenShift cluster with KUBECONFIG set

Building

make build       # Build operator binary + OTE test binary

Running Tests

make test-unit                                        # All unit tests
go test ./pkg/operator/ -run TestName -count 1        # Single unit test
make test-e2e                                         # E2e tests (requires cluster)

Running in a Cluster

See Testing a ClusterOperator/Operand image in a cluster.

OTE Test Framework

This repository uses the OpenShift Tests Extension (OTE) framework. After make build:

# List suites and tests
./service-ca-operator-tests-ext list suites
./service-ca-operator-tests-ext list tests --suite=openshift/service-ca-operator/operator/serial

# Run a suite or test
./service-ca-operator-tests-ext run-suite openshift/service-ca-operator/operator/serial
./service-ca-operator-tests-ext run-test "test-name"

# Serial execution with JUnit output
./service-ca-operator-tests-ext run-suite openshift/service-ca-operator/operator/serial -c 1 --junit-path=/tmp/junit.xml

Documentation

Related Repositories
