Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Labels:
None

Activity Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Epic Link:
4.20 Tech Debt
Story Points:
3

Target Version:
None
Release Blocker:
None
Sprint:
None

CertPoolWatcher is currently only set up to support pull CAs in operator-controller.

It needs to be added to operator-controller for support of pull CAs. The HttpsClient uses a pool watcher to get its CAs, but nothing is watching the pool of pull secrets.

Catalogd also needs a CertPoolWatcher for it's pull CAs.

CertPoolWatcher also needs to restart the app when it determines that the SystemCertPool needs to be updated, as that pool cannot be updated once created. This is usually detected through changes to files referenced via SSL_CERT_FILE and SSL_CERT_DIR, as the SystemCertPool is referenced that way.

relates to

OCPBUGS-60868 OLMv1 fail to use the custom CA: x509: certificate signed by unknown authority

Verified

links to

RFC: Everything You Wanted To Know About OLMv1 Certificates But Were Afraid To Ask

Assignee:: Todd Short

Reporter:: Todd Short

Contributors:: None

QA Contact:: None

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2025/08/29 12:39 PM

Updated:: 2025/09/09 7:15 PM

Resolved:: 2025/09/09 7:15 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide