OpenShift Bugs / OCPBUGS-13752

AdditionalTrustBundle is only included when doing mirroring


Details

    • Important
    • Sprint 236, Sprint 238
    • 2
    • No
    • Rejected
    • False
    • The certificates in the AdditionalTrustBundle field of install-config.yaml were only propagated to the final image when the ImageContentSources field was also set for mirroring. If mirroring was not set, the additional certs were on the bootstrap but not the final image.

      This can cause a problem when a user has set up a proxy and wants to add additional certs as described here: https://docs.openshift.com/container-platform/4.12/networking/configuring-a-custom-pki.html#installation-configure-proxy_configuring-a-custom-pki
      The fix is to propagate these certificates whether or not the ImageContentSources field is also set.
    • Bug Fix

    Description

      This is a clone of issue OCPBUGS-13535. The following is the description of the original issue:

      Description of problem:

      The AdditionalTrustBundle field in install-config.yaml can be used to add additional certs; however, these certs are only propagated to the final image when the ImageContentSources field is also set for mirroring. If mirroring is not set, the additional certs will be on the bootstrap but not the final image.

      This can cause a problem when a user has set up a proxy and wants to add additional certs as described here: https://docs.openshift.com/container-platform/4.12/networking/configuring-a-custom-pki.html#installation-configure-proxy_configuring-a-custom-pki
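
One way to check a deployment for the symptom described above, as an added example that is not part of the original issue or the installer's code: it compares the certificates in install-config.yaml against a CA bundle copied from an installed node and reports any that did not propagate. The function names are hypothetical, which node bundle file to compare is left to the reader, and the sample certificates are constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(text):
    """Return SHA-256 fingerprints of every PEM certificate block in text.

    Whitespace inside a block is dropped first, so certificates indented
    inside a YAML literal block (as in install-config.yaml) are found too.
    """
    found = set()
    for body in PEM_RE.findall(text):
        der = base64.b64decode("".join(body.split()))
        found.add(hashlib.sha256(der).hexdigest())
    return found


def missing_from_node(install_config_text, node_bundle_text):
    """Fingerprints present in install-config.yaml but absent on the node."""
    return fingerprints(install_config_text) - fingerprints(node_bundle_text)


def _fake_pem(label):
    # Constructed placeholder bytes, not a real certificate: only the
    # decoded bytes are hashed, so any payload exercises the comparison.
    b64 = base64.encodebytes(label.encode() * 4).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


PROXY_CA, EXTRA_CA, SYSTEM_CA = map(_fake_pem, ("proxy-ca", "extra-ca", "system-ca"))

# Constructed install-config.yaml fragment carrying two additional CAs.
INSTALL_CONFIG = "apiVersion: v1\nadditionalTrustBundle: |\n" + textwrap.indent(
    PROXY_CA + EXTRA_CA, "  ")

# Constructed node bundles: one where propagation failed, one where it worked.
NODE_WITHOUT = SYSTEM_CA
NODE_WITH = SYSTEM_CA + PROXY_CA + EXTRA_CA

if __name__ == "__main__":
    for name, bundle in (("affected", NODE_WITHOUT), ("fixed", NODE_WITH)):
        gone = missing_from_node(INSTALL_CONFIG, bundle)
        print(f"{name}: {len(gone)} additional cert(s) missing from node bundle")
```
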

            People

              bfournie@redhat.com Robert Fournier
              openshift-crt-jira-prow OpenShift Prow Bot
              Biagio Manzari Biagio Manzari