Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-50659

CAPO deployed by CAPI operator doesn't work with OpenStack self signed CA cert

XMLWordPrintable

    • None
    • ShiftStack Sprint 267, ShiftStack Sprint 269
    • 2
    • False
    • Hide

      None

      Show
      None

      In TechPreviewNoUpgrade, CAPI Operator is deployed and takes care of deploying CAPO.

      However, we have seen in CI that when the OpenStack endpoints use a self signed CA certificate, CAPO complains about TLS:

       

      2025-02-12T21:20:57Z	ERROR	Reconciler error	{"controller": "clusteroperator", "controllerGroup": "config.openshift.io", "controllerKind": "ClusterOperator", "ClusterOperator": {"name":"cluster-api"}, "namespace": "", "name": "cluster-api", "reconcileID": "119878d6-e7b6-40d0-8f0d-2b88ace46cde", "error": "creating OpenStack provider scope: providerClient authentication err: Get \"https://38.102.83.27:13000/\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}

      https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_release/61578/rehearse-61578-pull-ci-openshift-cluster-api-provider-openstack-main-e2e-techpreview/1889755715736702976/artifacts/e2e-techpreview/gather-extra/artifacts/pods/openshift-cluster-api_capo-infracluster-controller-6cd94f99-7g9x9_manager.log

       

       

              emacchi@redhat.com Emilien Macchi
              emacchi@redhat.com Emilien Macchi
              Itshak Brown Itshak Brown
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: