[jira] [Work logged] (KNOX-3304) Support for Openshift/SCC

Thu, 23 Apr 2026 03:13:09 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3304?focusedWorklogId=1017020&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1017020
 ]

ASF GitHub Bot logged work on KNOX-3304:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Apr/26 10:12
            Start Date: 23/Apr/26 10:12
    Worklog Time Spent: 10m 
      Work Description: moresandeep commented on code in PR #1209:
URL: https://github.com/apache/knox/pull/1209#discussion_r3130010517


##########
gateway-docker/src/main/resources/docker/gateway-entrypoint.sh:
##########
@@ -53,15 +54,26 @@ importMultipleCerts() {
   # step 2), increment counter when last line of cert is found
   for N in $(/usr/bin/seq 0 $((CERTS - 1))); do
     ALIAS="${FILE%.*}-$N"
-    /bin/cat "$FILE" |
+    # Make import idempotent across restarts when truststore is persisted.
+    keytool -delete \

Review Comment:
   `-trustcacerts` only matters when keytool is doing something that depends on 
who is already trusted, while building or checking a chain against the JDK’s 
cacerts while importing a cert.
   
   `-delete` doesn’t validate chains or decide trust. It only drops the entry 
with that alias from `truststore.jks`. 





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1017020)
    Time Spent: 1h 50m  (was: 1h 40m)

> Support for Openshift/SCC
> -------------------------
>
>                 Key: KNOX-3304
>                 URL: https://issues.apache.org/jira/browse/KNOX-3304
>             Project: Apache Knox
>          Issue Type: Task
>          Components: docker
>    Affects Versions: 2.1.0
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>         Attachments: 
> 0001-KNOX-3304-added-installation-of-curl-in-the-Docker.patch, 
> 0002-KNOX-3304-fixed-import-of-letsencrupt-root-cert.patch
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> The current docker image that is generated does not work with Openshift and 
> ECS platform due to restrictions imposed by the platforms. Specifically, 
> there are two requirements
>  # The helm chart that installs Knox image should use an arbitrary runAsUser
>  # The helm chart should not have any runAsGroup and fsUser 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to