Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-56912

ignition config doesn't include the proxy trusted CA for hosted cluter's proxy

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.19
    • HyperShift
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • In Progress
    • Bug Fix
    • Hide
       * Previously, when you set a secure proxy for a `HostedCluster` resource that served a certificate signed by a custom CA, that CA was not included in the initial ignition configuration for the node. As a result, the node did not boot due to failed ignition. This release fixes the issue by including the trusted CA for the proxy in the initial ignition configuration, which results in a successful node boot and ignition. (link:https://issues.redhat.com/browse/OCPBUGS-56896[OCPBUGS-56912])
      Show
       * Previously, when you set a secure proxy for a `HostedCluster` resource that served a certificate signed by a custom CA, that CA was not included in the initial ignition configuration for the node. As a result, the node did not boot due to failed ignition. This release fixes the issue by including the trusted CA for the proxy in the initial ignition configuration, which results in a successful node boot and ignition. (link: https://issues.redhat.com/browse/OCPBUGS-56896 [ OCPBUGS-56912 ])
    • None
    • None
    • None
    • None

      This is a clone of issue OCPBUGS-56896. The following is the description of the original issue:

      Description

      When setting a secure proxy for a HostedCluster that is serving a certificate signed by a custom CA, you need to set the proxy's spec.trustedCA . However, that CA cert won't be included in the node's initial ignition config and it'll fail to do proper ignition.

      Steps to Reproduce:

          1. Create a proxy serving http and https. For the https, use a certificate that's signed by a custom CA. 
    2. Create a {{HostedCluster}} and set the `spec.configuration.proxy` and make sure to set the `trusterCA` field in the `proxy`.

      Actual results:

      Nodes won't reach ignition.

      Expected results:

      Nodes reach ignition successfully.

      Additional info:

              rh-ee-aabdelre Ahmed Abdalla Abdelrehim
              openshift-crt-jira-prow OpenShift Prow Bot
              None
              None
              Yu Li Yu Li
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: