OLS-1998: Add option to proxyConfig's ca certificates to specify configmap key by sriroopar · Pull Request #1201 · openshift/lightspeed-operator

sriroopar · 2025-12-23T16:53:09Z

Description

Type of change

Related Tickets & Documents

Related Issue #
Closes #

Checklist before requesting a review

I have performed a self-review of my code.
PR has passed all pre-merge test jobs.
If it is a core feature, I have added thorough tests.

Testing

Please provide detailed steps to perform tests related to this code change.
How were the fix/results from this change verified? Please provide relevant screenshots or results.

openshift-ci · 2025-12-23T16:54:10Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign raptorsun for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

sriroopar · 2025-12-23T16:54:45Z

/retest

sriroopar · 2025-12-23T16:55:52Z

/retest

sriroopar · 2026-01-03T16:43:32Z

/retest

sriroopar · 2026-01-03T19:12:37Z

/retest

sriroopar · 2026-01-05T12:14:34Z

/retest

blublinsky · 2026-01-12T14:31:47Z

Unless I am missing something, this is already done (slightly differently) in main. What is the related issue?

sriroopar · 2026-01-12T14:35:12Z

@blublinsky This is the issue : OLS-1998 (https://issues.redhat.com/browse/OLS-1998).

JoaoFula · 2026-01-13T12:17:36Z

config/crd/bases/ols.openshift.io_olsconfigs.yaml

-                        description: The configmap holding proxy CA certificate
+                        description: The configmap and key holding proxy CA certificate
                        properties:
+                          key:


There definitely should be a default value for the key matching the value we currently expect. We should not require clients who have gotten this to work to now have to specify the key

JoaoFula · 2026-01-14T14:38:01Z

/lgtm

syedriko · 2026-03-04T00:30:32Z

internal/controller/utils/constants.go

 	// AdditionalCAHashKey is the key of the hash value of the additional CA certificates in the deployment annotations
 	AdditionalCAHashKey = "hash/additionalca"
+	// ProxyCACertHashKey is the key of the hash value of the proxy CA certificate in the deployment annotations
+	ProxyCACertHashKey = "hash/proxycacert"


Only the lcore Deployment has this annotation, does the appserver Deployment not need it?

openshift-ci-robot · 2026-03-04T01:07:41Z

JoaoFula · 2026-03-04T07:02:20Z

/lgtm

sriroopar · 2026-03-04T13:36:33Z

/retest

sriroopar · 2026-03-04T15:29:18Z

/retest

sriroopar · 2026-03-06T14:26:02Z

/retest

sriroopar · 2026-03-10T14:10:22Z

/retest

sriroopar · 2026-03-10T14:20:01Z

/retest

sriroopar · 2026-03-11T18:01:43Z

/retest

sriroopar · 2026-03-11T18:56:53Z

/retest

JoaoFula · 2026-03-12T14:52:26Z

test/e2e/proxy_test.go

if we're able to specify the configmap key, we no longer have to copy the contents of the openshift-service-ca.crt to the proxy-ca and instead can just use the openshift-service-ca.crt and specify the correct key. This was the point that triggered the creation of this ticket btw.

openshift-ci · 2026-03-13T15:03:57Z

@sriroopar: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/lint	`3a268f6`	link	true	`/test lint`
ci/prow/bundle-e2e-4-22	`497aec3`	link	true	`/test bundle-e2e-4-22`

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 23, 2025

sriroopar marked this pull request as draft December 23, 2025 16:53

openshift-ci bot requested review from joshuawilson and xrajesh December 23, 2025 16:54

sriroopar marked this pull request as ready for review December 23, 2025 16:55

openshift-ci bot requested review from blublinsky and bparees December 23, 2025 16:55

sriroopar changed the title ~~[WIP] Add option to proxyConfig's ca certificates to specify configmap key~~ Add option to proxyConfig's ca certificates to specify configmap key Jan 2, 2026

openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 2, 2026

sriroopar force-pushed the proxy-ca-config branch 2 times, most recently from 8999506 to 4928197 Compare January 3, 2026 04:56

sriroopar force-pushed the proxy-ca-config branch 3 times, most recently from f8574c5 to 5b53113 Compare January 12, 2026 14:12

JoaoFula reviewed Jan 13, 2026

View reviewed changes

sriroopar force-pushed the proxy-ca-config branch 2 times, most recently from 1d135c9 to d57678d Compare January 14, 2026 13:54

openshift-ci bot assigned JoaoFula Jan 14, 2026

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 14, 2026

sriroopar force-pushed the proxy-ca-config branch from d57678d to 690cc37 Compare January 15, 2026 22:29

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Jan 15, 2026

syedriko reviewed Mar 4, 2026

View reviewed changes

sriroopar force-pushed the proxy-ca-config branch from b1e81cb to 497aec3 Compare March 4, 2026 01:05

sriroopar changed the title ~~Add option to proxyConfig's ca certificates to specify configmap key~~ OLS-1998: Add option to proxyConfig's ca certificates to specify configmap key Mar 4, 2026

openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Mar 4, 2026

sriroopar force-pushed the proxy-ca-config branch 2 times, most recently from 22cc49e to 4555ca6 Compare March 11, 2026 17:20

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 11, 2026

sriroopar force-pushed the proxy-ca-config branch from 4555ca6 to bad186f Compare March 11, 2026 17:25

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 11, 2026

sriroopar force-pushed the proxy-ca-config branch 2 times, most recently from 55f345b to 8299409 Compare March 12, 2026 12:46

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 12, 2026

sriroopar force-pushed the proxy-ca-config branch from 8299409 to 4bbed16 Compare March 12, 2026 12:53

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 12, 2026

JoaoFula reviewed Mar 12, 2026

View reviewed changes

sriroopar force-pushed the proxy-ca-config branch from 4bbed16 to d17527e Compare March 13, 2026 14:33

openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 13, 2026

Adding key field to proxyCA config.

8349797

sriroopar force-pushed the proxy-ca-config branch from d17527e to 8349797 Compare March 13, 2026 17:06

openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 13, 2026

Conversation

sriroopar commented Dec 23, 2025

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

Uh oh!

openshift-ci bot commented Dec 23, 2025

Uh oh!

sriroopar commented Dec 23, 2025

Uh oh!

sriroopar commented Dec 23, 2025

Uh oh!

sriroopar commented Jan 3, 2026

Uh oh!

sriroopar commented Jan 3, 2026

Uh oh!

sriroopar commented Jan 5, 2026

Uh oh!

blublinsky commented Jan 12, 2026

Uh oh!

sriroopar commented Jan 12, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

JoaoFula Jan 13, 2026

Choose a reason for hiding this comment

Uh oh!

JoaoFula commented Jan 14, 2026

Uh oh!

syedriko Mar 4, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-ci-robot commented Mar 4, 2026 • edited by openshift-ci bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Type of change

Related Tickets & Documents

Checklist before requesting a review

Testing

Uh oh!

JoaoFula commented Mar 4, 2026

Uh oh!

sriroopar commented Mar 4, 2026

Uh oh!

sriroopar commented Mar 4, 2026

Uh oh!

sriroopar commented Mar 6, 2026

Uh oh!

sriroopar commented Mar 10, 2026

Uh oh!

sriroopar commented Mar 10, 2026

Uh oh!

sriroopar commented Mar 11, 2026

Uh oh!

sriroopar commented Mar 11, 2026

Uh oh!

JoaoFula Mar 12, 2026

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Mar 13, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

sriroopar commented Jan 12, 2026 •

edited

Loading

openshift-ci-robot commented Mar 4, 2026 •

edited by openshift-ci bot

Loading

openshift-ci bot commented Mar 13, 2026 •

edited

Loading