Red Hat Advanced Cluster Management / ACM-27312

gitops addon for ACM does not pull the right CA


    • Bug
    • Resolution: Unresolved
    • ACM 2.14.0
    • Application Lifecycle
    • Moderate

      Description of problem:

      ACM gitops addon uses `kube-apiserver-lb-signer` instead of `ManagedCluster.spec.managedClusterClientConfigs[].caBundle` when generating the argoCD cluster secrets, resulting in incorrect `caData` in the kubeconfig.
       

      Version-Release number of selected component (if applicable):

      RHACM 2.14
      gitops 3.1

      How reproducible:

      customer environment

      Steps to Reproduce:

      1. configure a cabundle for the managedcluster 
      2. make the acm argocd plugin generate the argocd cluster secrets
      3. ...

      Actual results:

      kubeconfigs generated with incorrect cadata, causing argocd to fail all tls validation for acm-managed clusters with an `x509 certificate signed by unknown authority`

      Expected results:

      kubeconfigs generated with the data from `ManagedCluster.spec.managedClusterClientConfigs[].caBundle` instead of `kube-apiserver-lb-signer` when set.

      Additional info:

      managedserviceaccount is enabled
      gitops addon is enabled (gitopscluster + placement)

              xiangli@redhat.com Xiangjing Li
              rhn-support-fdewaley Felix Dewaleyne
              David Huynh David Huynh
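
      A check for the condition reported above, added here as an example (not code from ACM or the gitops addon): it compares the `caData` in an Argo CD cluster secret with the `caBundle` configured on the ManagedCluster. It assumes both objects are given as exported by `kubectl get ... -o json`, that the secret uses Argo CD's `server` and `config` (`tlsClientConfig.caData`) fields, and that the secret's server URL equals the `url` in `managedClusterClientConfigs[]`; the function names, the URL and the PEM bodies are constructed placeholders.

```python
import base64
import json
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_blocks(b64_text):
    """Decode base64-wrapped PEM and return the set of certificate bodies."""
    pem = base64.b64decode(b64_text or "").decode()
    return {"".join(body.split()) for body in PEM_RE.findall(pem)}

def check_cluster_secret(managed_cluster, secret):
    """Return 'match', 'mismatch', 'no-cabundle' or 'no-client-config'."""
    data = secret["data"]  # base64 values, as in `kubectl get secret -o json`
    server = base64.b64decode(data["server"]).decode().rstrip("/")
    config = json.loads(base64.b64decode(data["config"]))
    secret_ca = pem_blocks(config.get("tlsClientConfig", {}).get("caData"))
    configs = managed_cluster.get("spec", {}).get("managedClusterClientConfigs", [])
    for cc in configs:
        if cc.get("url", "").rstrip("/") != server:
            continue
        expected = pem_blocks(cc.get("caBundle"))
        if not expected:
            return "no-cabundle"  # nothing configured to compare against
        return "match" if secret_ca == expected else "mismatch"
    return "no-client-config"     # no entry for the secret's server URL

def _b64(text):
    return base64.b64encode(text.encode()).decode()

def _pem(label):
    """Constructed placeholder PEM block; not a real certificate."""
    return f"-----BEGIN CERTIFICATE-----\n{_b64(label)}\n-----END CERTIFICATE-----\n"

def make_secret(server, ca_pem):
    """Build a constructed Argo CD cluster secret carrying the given CA."""
    config = {"bearerToken": "constructed", "tlsClientConfig": {"caData": _b64(ca_pem)}}
    return {"data": {"server": _b64(server), "config": _b64(json.dumps(config))}}

# Constructed sample objects (hypothetical URL and CA contents).
URL = "https://api.cluster1.example.com:6443"
CUSTOM_CA = _pem("constructed-custom-ca")
LB_SIGNER_CA = _pem("constructed-kube-apiserver-lb-signer")
MANAGED_CLUSTER = {"spec": {"managedClusterClientConfigs": [
    {"url": URL, "caBundle": _b64(CUSTOM_CA)}]}}

if __name__ == "__main__":
    print(check_cluster_secret(MANAGED_CLUSTER, make_secret(URL, LB_SIGNER_CA)))
    print(check_cluster_secret(MANAGED_CLUSTER, make_secret(URL, CUSTOM_CA)))
```

      A `mismatch` result corresponds to the state described in this report, where Argo CD rejects the managed cluster's certificate.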