-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
4.17.z, 4.18.0
-
No
-
3
-
Multi-Arch Sprint 260, Multi-Arch Sprint 261
-
2
-
False
-
-
In Progress
-
-
Description of problem:
The pod placement controller should not use cluster service-ca.crt CA to inspect image arch if the user don't added it to trusted anchors explicitly.
Version-Release number of selected component (if applicable):
How reproducible:
always
Steps to Reproduce:
1. Build a registry in the clustet and use ingress to export the route, the router uses tls re-encryption 2. Deploy a workload with the image in above registry 3. Check pod nodeaffinify
Actual results:
the kubelet can't pull image with error x509: certificate signed by unknown authority, but PPC can correctly inspect image arch and add nodeaffinify in it
Expected results:
The PPC should not use the cluster-ca.crt to inspect image if the user don't added it to trusted anchors explicitly.
Additional info:
- links to
-
RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update