Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.12.z
Affects Version/s: 4.12.z
Component/s: Installer / Agent based installation
Labels:
- triaged

Severity:
Important
Regression:
No
Sprint:
Sprint 240
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
The certificates in AdditionalTrustBundle field in install-config.yaml were only propagated to the final image when the ImageContentSources field is also set for mirroring. If mirroring is not set then the additional certs were on the bootstrap but not the final image.

This can cause a problem when user has set up a proxy and wants to add additional certs as described here https://docs.openshift.com/container-platform/4.12/networking/configuring-a-custom-pki.html#installation-configure-proxy_configuring-a-custom-pki.
The fix is to propagate these certificates whether or not the ImageContentSources field is also set.

Show
The certificates in AdditionalTrustBundle field in install-config.yaml were only propagated to the final image when the ImageContentSources field is also set for mirroring. If mirroring is not set then the additional certs were on the bootstrap but not the final image. This can cause a problem when user has set up a proxy and wants to add additional certs as described here https://docs.openshift.com/container-platform/4.12/networking/configuring-a-custom-pki.html#installation-configure-proxy_configuring-a-custom-pki . The fix is to propagate these certificates whether or not the ImageContentSources field is also set.
Release Note Type:
Bug Fix
Target Version:

4.12.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-13752~~. The following is the description of the original issue:
—
This is a clone of issue ~~OCPBUGS-13535~~. The following is the description of the original issue:
—
Description of problem:

The AdditionalTrustBundle field in install-config.yaml can be used to add additional certs, however these certs are only propagated to the final image when the ImageContentSources field is also set for mirroring. If mirroring is not set then the additional certs will be on the bootstrap but not the final image.

This can cause a problem when user has set up a proxy and wants to add additional certs as described here https://docs.openshift.com/container-platform/4.12/networking/configuring-a-custom-pki.html#installation-configure-proxy_configuring-a-custom-pki

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

1.
2.
3.

Actual results:

Expected results:

Additional info:

clones

OCPBUGS-13752 AdditionalTrustBundle is only included when doing mirroring

Closed

is blocked by

OCPBUGS-13752 AdditionalTrustBundle is only included when doing mirroring

Closed

is duplicated by

OCPBUGS-16923 Agent-based installation fails when using custom proxy certificates

Closed

links to

openshift/installer#7386: [release-4.12] OCPBUGS-17174: Set AdditionalTrustBundle in override when mirroring not enabled

RHBA-2023:4608 OpenShift Container Platform 4.12.z bug fix update

Assignee:: Robert Fournier

Reporter:: OpenShift Prow Bot

QA Contact:: zhenying niu

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2023/08/01 8:42 PM

Updated:: 2024/02/15 3:22 PM

Resolved:: 2023/08/16 9:14 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates