Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15267

External PKI reconcilation deploys broken due to invalid dependency on additional user ca bundles

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Critical Critical
    • None
    • 4.13, 4.12
    • HyperShift
    • None
    • No
    • Proposed
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      The introduction of this change: https://github.com/openshift/hypershift/commit/361c741554b7917ee91582ce2c660ddf35bf424e introduced an invalid hard dependency on the trusted-ca-bundle-managed component configmap existing when it should be optional and only utilzed when additional CA bundles are specified. It regresses reconciliation of deploys that do not have this including external PKI deploys and also regresses the RHCOS ignition data generation process of those clusters.

      Version-Release number of selected component (if applicable):

      4.13 4.12

      How reproducible:

      100%

      Steps to Reproduce:

      1. Deploy a hypershift cluster without the trusted-ca-bundle-managed cm or delete the trusted-ca-bundle-managed cm from the cluster namespace

      Actual results:

       machine-config-server cm will never be generated and logs in the control-plane-operator will fail on that component not existing

      Expected results:

      It should continue to reconcile and generate the config without the user additional ca bundles when the user does not specify them

      Additional info:

       

              agarcial@redhat.com Alberto Garcia Lamela
              lisowskiibm Tyler Lisowski
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: