OpenShift Bugs: OCPBUGS-49418

OLMv1: Proxy CA mount does not wait until service-ca.crt is ready


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 4.18.0, 4.19.0
    • OLM
    • Important
    • None
    • Approved
    • False

      Description of problem:

      When the catalogd and operator-controller pods start, it sometimes happens that the "service-ca" ConfigMap has not yet had its "service-ca.crt" data item populated. When this happens, a directory is mounted at /var/trusted-cas/service-ca.crt instead of the expected CA file.
      
      The only way to resolve the problem is to manually delete the pod and let it be re-created AFTER the service-ca.crt data item is populated in the ConfigMap, at which point the file will mount correctly.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

      Not trivially reproducible because it is a race condition between the controller populating the ConfigMap and the OLMv1 controllers.

      Steps to Reproduce:

          1. 
          2.
          3.
          

      Actual results:

      When a Proxy CA is configured, catalogd and operator-controller may be unable to communicate because they may fail to parse /var/trusted-cas/service-ca.crt (which is sometimes a directory).

      Expected results:

      Operator controller and catalogd pods always wait to start until the "service-ca" is populated with "service-ca.crt", thus ensuring the correct mount type for the CA certs.

      Additional info:

          

              tshort@redhat.com Todd Short
              jlanford@redhat.com Joe Lanford
              Xia Zhao Xia Zhao