Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-41554

pod placement controller should not use cluster service-ca.crt CA to inspect image arch

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      The pod placement controller should not use cluster service-ca.crt CA to inspect image arch if the user don't added it to trusted anchors explicitly.

      Version-Release number of selected component (if applicable):

      How reproducible:

      always

      Steps to Reproduce:

          1. Build a registry in the clustet and use ingress to export the route, the router uses tls re-encryption   
    2. Deploy a workload with the image in above registry
    3. Check pod nodeaffinify

      Actual results:

      the kubelet can't pull image with error x509: certificate signed by unknown authority, but PPC can correctly inspect image arch and add nodeaffinify in it

      Expected results:

      The PPC should not use the cluster-ca.crt to inspect image if the user don't added it to trusted anchors explicitly.

      Additional info:

            rhn-support-adistefa Alessandro Di Stefano
            lwan-wanglin Lin Wang
            Lin Wang Lin Wang
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: