From 17cbc6f2cc20ff95f597c07dae5611a5ed0e31a2 Mon Sep 17 00:00:00 2001 From: Andrew Burden Date: Mon, 30 Sep 2019 19:49:52 +0200 Subject: [PATCH] BZ#1715413 - Adding new content to cover the creation of a ConfigMap with TLS certificate for importing virtual machine images from endpoints requiring TLS certificates. The ConfigMap must be in the same namespace as the DataVolume used to import the VM image. --- _topic_map.yml | 2 ++ ...ng-virtual-machine-images-datavolumes.adoc | 4 +++ .../cnv-tls-certificates-for-dv-imports.adoc | 11 ++++++++ ...ficates-for-authenticating-dv-imports.adoc | 27 +++++++++++++++++++ ...cnv-example-configmap-tls-certificate.adoc | 21 +++++++++++++++ modules/cnv-importing-vm-datavolume.adoc | 2 ++ 6 files changed, 67 insertions(+) create mode 100644 cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc create mode 100644 modules/cnv-adding-tls-certificates-for-authenticating-dv-imports.adoc create mode 100644 modules/cnv-example-configmap-tls-certificate.adoc diff --git a/_topic_map.yml b/_topic_map.yml index 8649777ec8..4e35594c52 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -1066,6 +1066,8 @@ Topics: - Name: Creating virtual machines File: cnv-create-vms ### Importing virtual machines + - Name: TLS certificates for DataVolume imports + File: cnv-tls-certificates-for-dv-imports - Name: Importing a VMware virtual machine or template with the virtual machine wizard File: cnv-importing-vmware-vm - Name: Importing virtual machine images with DataVolumes diff --git a/cnv/cnv_users_guide/cnv-importing-virtual-machine-images-datavolumes.adoc b/cnv/cnv_users_guide/cnv-importing-virtual-machine-images-datavolumes.adoc index 3f75d4c5a0..e3ed205631 100644 --- a/cnv/cnv_users_guide/cnv-importing-virtual-machine-images-datavolumes.adoc +++ b/cnv/cnv_users_guide/cnv-importing-virtual-machine-images-datavolumes.adoc 
@@ -21,6 +21,10 @@ Refer to the operating system documentation for details. .Prerequisites +* If the endpoint requires a TLS certificate, the certificate must be +xref:../../cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc#cnv-adding-tls-certificates-for-authenticating-dv-imports_cnv-tls-certificates-for-dv-imports[included in a ConfigMap] +in the same namespace as the DataVolume and referenced in the DataVolume configuration. + * You may need to xref:../../cnv/cnv_users_guide/cnv-preparing-cdi-scratch-space.adoc#cnv-defining-storageclass-in-cdi-configuration_cnv-preparing-cdi-scratch-space[define a StorageClass or prepare CDI scratch space] for this operation to complete successfully. diff --git a/cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc b/cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc new file mode 100644 index 0000000000..c666ebe63e --- /dev/null +++ b/cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc @@ -0,0 +1,11 @@ +[id="cnv-tls-certificates-for-dv-imports"] += TLS certificates for DataVolume imports +include::modules/cnv-document-attributes.adoc[] +include::modules/common-attributes.adoc[] +:context: cnv-tls-certificates-for-dv-imports +toc::[] + +include::modules/cnv-adding-tls-certificates-for-authenticating-dv-imports.adoc[leveloffset=+1] +include::modules/cnv-example-configmap-tls-certificate.adoc[leveloffset=+1] + + diff --git a/modules/cnv-adding-tls-certificates-for-authenticating-dv-imports.adoc b/modules/cnv-adding-tls-certificates-for-authenticating-dv-imports.adoc new file mode 100644 index 0000000000..602040658d --- /dev/null +++ b/modules/cnv-adding-tls-certificates-for-authenticating-dv-imports.adoc 
@@ -0,0 +1,27 @@
+// Module included in the following assemblies:
+//
+// * cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc
+
+[id="cnv-adding-tls-certificates-for-authenticating-dv-imports_{context}"]
+= Adding TLS certificates for authenticating DataVolume imports
+
+TLS certificates for registry or HTTPS endpoints must be added to a ConfigMap
+in order to import data from these sources. This ConfigMap must be present
+in the namespace of the destination DataVolume.
+
+Create the ConfigMap by referencing the relative file path for the TLS certificate.
+
+.Procedure
+
+. Ensure you are in the correct namespace. The ConfigMap can only be referenced by DataVolumes if it is in the same namespace.
++
+----
+$ oc get ns
+----
+
+. Create the ConfigMap:
++
+----
+$ oc create configmap --from-file=
+----
+
diff --git a/modules/cnv-example-configmap-tls-certificate.adoc b/modules/cnv-example-configmap-tls-certificate.adoc
new file mode 100644
index 0000000000..14ed010b09
--- /dev/null
+++ b/modules/cnv-example-configmap-tls-certificate.adoc
@@ -0,0 +1,21 @@
+// Module included in the following assemblies:
+//
+// * cnv/cnv_users_guide/cnv-tls-certificates-for-dv-imports.adoc
+
+[id="cnv-example-configmap-tls-certificate_{context}"]
+= Example: ConfigMap created from a TLS certificate
+
+The following example is of a ConfigMap created from `ca.pem` TLS certificate.
+
+[source,yaml]
+----
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: tls-certs
+data:
+ ca.pem: |
+ -----BEGIN CERTIFICATE-----
+ ... ...
+ -----END CERTIFICATE-----
+----
diff --git a/modules/cnv-importing-vm-datavolume.adoc b/modules/cnv-importing-vm-datavolume.adoc
index bae46fcd85..89b5b24615 100644
--- a/modules/cnv-importing-vm-datavolume.adoc
+++ b/modules/cnv-importing-vm-datavolume.adoc
@@ -76,6 +76,7 @@ spec: http: url: https://download.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2 <1> secretRef: "" <2> + certConfigMap: "" <3> status: {} running: false template: @@ -104,6 +105,7 @@ status: {} ---- <1> The `HTTP` source of the image you want to import. <2> The `secretRef` parameter is optional. +<3> The `certConfigMap` is only required if the endpoint requires authentication. The referenced ConfigMap must be in the same namespace as the DataVolume. . Create the virtual machine: +