-
Bug
-
Resolution: Done-Errata
-
Major
-
4.15
This is a clone of issue OCPBUGS-35905. The following is the description of the original issue:
—
Description of problem:
The builds installed in the hosted clusters are having issues to git-clone repositories from external URLs where their CA are configured in the ca-bundle.crt from trsutedCA section: spec: configuration: apiServer: [...] proxy: trustedCA: name: user-ca-bundle <--- In traditional OCP implementations, the *-global-ca configmap is installed in the same namespace from the build and the ca-bundle.crt is injected into this configmap. In hosted clusters the configmap is being created empty: $ oc get cm -n <app-namespace> <build-name>-global-ca -oyaml apiVersion: v1 data: ca-bundle.crt: "" As mentioned, the user-ca-bundle has the certificates configured: $ oc get cm -n openshift-config user-ca-bundle -oyaml apiVersion: v1 data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- <---
Version-Release number of selected component (if applicable):
How reproducible:
Easily
Steps to Reproduce:
1. Install hosted cluster with trustedCA configmap 2. Run a build in the hosted cluster 3. Check the global-ca configmap
Actual results:
global-ca is empty
Expected results:
global-ca injects the ca-bundle.crt properly
Additional info:
- blocks
-
OCPBUGS-37178 ca-bundle.crt is not injected in the global-ca configmaps from builds in HCP cluster
- Closed
- clones
-
OCPBUGS-35905 ca-bundle.crt is not injected in the global-ca configmaps from builds in HCP cluster
- Closed
- is blocked by
-
OCPBUGS-35905 ca-bundle.crt is not injected in the global-ca configmaps from builds in HCP cluster
- Closed
- is cloned by
-
OCPBUGS-37178 ca-bundle.crt is not injected in the global-ca configmaps from builds in HCP cluster
- Closed
- links to
-
RHBA-2024:5422 OpenShift Container Platform 4.16.z bug fix update