  1. OpenShift Bugs
  2. OCPBUGS-41554

pod placement controller should not use cluster service-ca.crt CA to inspect image arch

    • Multi-Arch Sprint 260, Multi-Arch Sprint 261
    • In Progress

      Description of problem:

      The pod placement controller should not use the cluster service-ca.crt CA to inspect image arch if the user hasn't explicitly added it to the trusted anchors.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      always

      Steps to Reproduce:

          1. Build a registry in the cluster and use ingress to export the route; the router uses TLS re-encryption
          2. Deploy a workload with the image in the above registry
          3. Check the pod nodeAffinity
          

      Actual results:

      The kubelet can't pull the image, failing with the error x509: certificate signed by unknown authority, but the PPC can correctly inspect the image arch and add nodeAffinity to it

      Expected results:

      The PPC should not use the cluster-ca.crt to inspect the image if the user hasn't explicitly added it to the trusted anchors.

      Additional info:

          

              tzivkovi@redhat.com Tori Zivkovic
              lwan-wanglin Lin Wang
              Lin Wang Lin Wang