When using the agent-based installer, setting the additionalTrustBundlePolicy field is not taking effect. The reason for this is that assisted-service does not import the InstallConfig struct from the installer, but instead has its own independent copy in which this field is missing. Therefore the install-config-overrides cannot be applied.
This should be validated at the time the install-config-overrides are applied (and the code appears to do so), but for unknown reasons the overrides are being silently ignored.
A side-effect of this is that any other install-config-overrides are also silently ignored when the additionalTrustBundlePolicy is set to a non-default value. This can be observed e.g. by setting fips: true at the same time - the resulting cluster will not have FIPS enabled.
We need to both fix the validation (since users could manually edit the install-config-overrides annotation to add invalid fields) and populate additionalTrustBundlePolicy in assisted-service's copy of the InstallConfig type.
- blocks
-
OCPBUGS-57208 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Closed
-
- is caused by
-
OCPBUGS-42670 AdditionalTrustBundlePolicy in install-config.yaml should be used
-
- Closed
-
- is cloned by
-
OCPBUGS-57208 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Closed
-
- split to
-
OCPBUGS-56913 ABI failures after cluster is registered are ignored
-
- ASSIGNED
-
- links to
- mentioned on