Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17811

Ensure Bootstrap has access to Image Registry Certs

XMLWordPrintable

    • +
    • No
    • MCO Sprint 241, MCO Sprint 242
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the Machine Config Operator became the default provider of image registry certificates and the `node-ca` daemon was removed. This caused issues with the HyperShift Operator, because removing the `node-ca` daemon also removed the image registry path in the Machine Config Server (MCS), which HyperShift uses to get the Ignition configuration and start the bootstrap process. With this update, a flag containing the MCS image registry data is provided which Ignition can use during the bootstrap process, thereby resolving the issue. (https://issues.redhat.com/browse/OCPBUGS-17811[*OCPBUGS-17811*])
      Show
      * Previously, the Machine Config Operator became the default provider of image registry certificates and the `node-ca` daemon was removed. This caused issues with the HyperShift Operator, because removing the `node-ca` daemon also removed the image registry path in the Machine Config Server (MCS), which HyperShift uses to get the Ignition configuration and start the bootstrap process. With this update, a flag containing the MCS image registry data is provided which Ignition can use during the bootstrap process, thereby resolving the issue. ( https://issues.redhat.com/browse/OCPBUGS-17811 [* OCPBUGS-17811 *])
    • Bug Fix
    • Done

      Description of problem:

      in 4.14, the MCO became the default provider of image registry certificates. However, all of these certs are put onto disk and into config in cluster. We need a way for components like hypershift, to be able to provide certificates they need to run properly during their bootstrap process.

      Version-Release number of selected component (if applicable):

       

      How reproducible:

      always with hypershift

      Steps to Reproduce:

      1. bootstrap a hypershift cluster
2. will fail due to image pull errors

      Actual results:

      failure due to lack of IR certs

      Expected results:

      IR certs provided by the component who needs them via a cmd flag, bootstrap success.

      Additional info:

       

            cdoern@redhat.com Charles Doern
            cdoern@redhat.com Charles Doern
            Sergio Regidor de la Rosa Sergio Regidor de la Rosa
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: