-
Story
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
None
-
False
-
None
-
False
-
-
-
0
-
0
-
0
The image registry node-ca daemonset is going away. We need to instead lay down its CA using the MCO.
Because in HyperShift we only run the MCO in bootstrap mode, we will need to pass the image registry CA to the MCO when generating the ignition payload. That will be made possible by this PR: https://github.com/openshift/machine-config-operator/pull/3876
Note: In order to generate the CA for the image registry, we will need to move the service-ca operator to the control plane side.
Acceptance Criteria:
Image registry is functional on a hypershift cluster without the node-ca daemonset
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- (optional) https://github/com/link.to.enhancement/
- (optional) https://issues.redhat.com/link.to.spike
- Engineering detail 1
- Engineering detail 2
This requires/does not require a design proposal.
This requires/does not require a feature gate.
- blocks
-
IR-373 Remove node-ca from CIRO
-
- To Do
-
