This is a clone of issue OCPBUGS-56596. The following is the description of the original issue:
—
When using the agent-based installer, setting the additionalTrustBundlePolicy field is not taking effect. The reason for this is that assisted-service does not import the InstallConfig struct from the installer, but instead has its own independent copy in which this field is missing. Therefore the install-config-overrides cannot be applied.
This should be validated at the time the install-config-overrides are applied (and the code appears to do so), but for unknown reasons the overrides are being silently ignored.
A side-effect of this is that any other install-config-overrides are also silently ignored when the additionalTrustBundlePolicy is set to a non-default value. This can be observed e.g. by setting fips: true at the same time - the resulting cluster will not have FIPS enabled.
We need to both fix the validation (since users could manually edit the install-config-overrides annotation to add invalid fields) and populate additionalTrustBundlePolicy in assisted-service's copy of the InstallConfig type.
- blocks
-
OCPBUGS-57306 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Closed
-
- clones
-
OCPBUGS-56596 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Verified
-
- is blocked by
-
OCPBUGS-56596 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Verified
-
- is cloned by
-
OCPBUGS-57306 AdditionalTrustBundlePolicy still cannot be set in ABI
-
- Closed
-
- links to
-
RHBA-2025:9278 OpenShift Container Platform 4.19.1 bug fix update