Laura Fitzgerald
Laura Fitzgerald
# **Suggested Verification Steps:** ## **Setup** Deploy this copy of 3scale-operator to a ROSA STS enabled cluster. Seed the secret with keys `AWS_BUCKET`, `AWS_REGION`, `AWS_ROLE_ARN` , `AWS_WEB_IDENTITY_TOKEN_FILE` with name `s3-credentials`...
Verifying the following on @valerymo cluster Aipmanager cr has the value (variable name needs a cleanup but this is just cosmetic)  For each pods...
Verifying the following on @valerymo cluster Aipmanager cr doesn't have the value so sts should be false  For each pods system-app system-app-X-hook-pre system-sidekiq the...
**Verification** Invalid config of secret in case of sts true produces error. confirm that error is produced by the operator
**## Re-verifing after recent changes** ### **STS enabled true in apimanager cr.** system-app envs and volumes present and correct as above. system-app-X-hook-pre envs and volumes present and correct as above....
**## Re-verifing after recent changes** **### STS not present in apimanager cr.** system-app envs and volumes _not_ present and correct as above. system-app-X-hook-pre envs and volumes _not_ present and correct...
Confirming that in sts enabled true if AWS_WEB_IDENTITY_TOKEN_FILE is missing is reporting an error.
Confirming that diff before I pushed the sqaush produce 0 differences. @valerymo can you also confirm from your local copy pre squash.
> [@laurafitzgerald](https://github.com/laurafitzgerald) I would be in favour of calling this mTLS rather than zero trust. Kinda like calling a spade a spade :) cc [@guicassolato](https://github.com/guicassolato) ack. I don't have a...
### Verification Steps ## Setup Run `make cert-manager` To ray-operator/config/manager/manager.yaml - add `,MTLS=true` to `--feature-gates` flag value - image: quay.io/laurafitzgerald/kuberay:mtls To ray-operator/config/default/kustomization.yaml ``` name: kuberay/operator newName: quay.io/laurafitzgerald/kuberay newTag: mtls ```...