-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.18.0, 4.19.0
This is a clone of issue OCPBUGS-48830. The following is the description of the original issue:
—
Description of problem:
When the catalogd and operator-controller pods start, it sometimes happens that the "trusted-ca-bundle" ConfigMap has not yet had its "ca-bundle.crt" data item populated yet. When this happens, a directory is mounted at /var/trusted-cas/ca-bundle.crt instead of the expected CA file. The only way to resolve the problem is to manually delete the pod and let it be re-created AFTER the ca-bundle.crt data item is populated in the ConfigMap, at which point the file will mount correctly.
Version-Release number of selected component (if applicable):
How reproducible:
Not trivially reproducible because it is a race condition between the controller populating the ConfigMap and the OLMv1 controllers
Steps to Reproduce:
1.
2.
3.
Actual results:
When a Proxy CA is configured, catalogd and operator controller may be unable to pull images because they may fail to parse /var/trusted-cas/ca-bundle.crt (which is sometimes a directory)
Expected results:
Operator controller and catalogd pods always wait to start until the "trusted-ca-bundle" is populated with "ca-bundle.crt", thus ensuring the correct mount type for the CA certs.
Additional info:
- clones
-
-
- Verified
-
- is blocked by
-
-
- Verified
-
- links to
