Some clusters that were created with the agent-based installer and born in 4.15 contain all of the built-in CAs from CoreOS in the user-ca-bundle because of OCPBUGS-34721.
This causes adding a node on day 2 to fail because the InfraEnv manifest created is huge, and gets rejected by assisted-service with a 422 error.
We know the list of CAs that were present in 4.15, so we should work around this problem by ignoring those ones whenever they appear in the user-ca-bundle instead of adding them to the additionalTrustBundle in the InfraEnv.
- blocks
-
OCPBUGS-54744 Work around excess CA certs in additionalTrustBundle
-
- Closed
-
- is cloned by
-
OCPBUGS-54744 Work around excess CA certs in additionalTrustBundle
-
- Closed
-
- is duplicated by
-
AGENT-920 agent-register-infraenv fails in day2 node (appliance flow)
-
- Closed
-
- is related to
-
OCPBUGS-42173 Agent installer should validate the size of additionalTrustBundle
-
- ASSIGNED
-
- relates to
-
AGENT-939 Day2 add node via agent-install leftover tasks
-
- Release Pending
-
-
OCPBUGS-32042 Incorrect usage of install-config.yaml additionalTrustBundle field
-
- Closed
-
-
OCPBUGS-34721 Incorrect usage of install-config.yaml additionalTrustBundle field
-
- Closed
-
- links to
-
RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update