  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-1519

Node.js doesn't trust the cluster-wide trust bundle


    • Bug
    • Resolution: Unresolved
    • Normal
    • 1.4.3
    • Helm Chart, Operator, Plugins
    • Known Issue

      I tried to configure the Ansible Automation Platform (AAP) backend; my AAP backend has a certificate signed by an internal root CA.

      The internal root CA is configured in OCP:

      $ oc get proxy/cluster -o yaml
      apiVersion: config.openshift.io/v1
      kind: Proxy
      metadata:
        name: cluster
      spec:
        trustedCA:
          name: redhat-ca-bundle-v1
      

      How to fix it:

       

      Create a ConfigMap with all trusted CAs:

      $ oc create -f - <<EOF
      apiVersion: v1
      kind: ConfigMap
      metadata:
        labels:
          config.openshift.io/inject-trusted-cabundle: "true"
        name: trusted-ca
      EOF

       

      Adjust the deployment of backstage and the backstage container:

       

              env:
              - name: NODE_EXTRA_CA_CERTS
                value: /ca/ca-bundle.crt
              volumeMounts:
              - mountPath: /ca/
                name: trusted-ca
                readOnly: true
      ...
            volumes:
            - configMap:
                defaultMode: 420
                name: trusted-ca
              name: trusted-ca 

       

       

      Internal discussion: https://redhat-internal.slack.com/archives/C05HGAR2DT5/p1707993143453289

       

       

              Unassigned
              rbohne Robert Bohne
              RHIDP - Install
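A check for the wiring in the fix above, as an added example that is not part of the original report or of Red Hat Developer Hub: it takes the parsed output of `oc get deployment <name> -o json` and `oc get configmap trusted-ca -o json` and lists the reasons the container would not see the injected bundle. The function name, the container name `backstage` and the sample objects are assumptions constructed for illustration.

```javascript
const INJECT_LABEL = "config.openshift.io/inject-trusted-cabundle";
const BUNDLE_FILE = "ca-bundle.crt"; // file name used in the page's mount path

const trimSlash = (p) => p.replace(/\/+$/, "");

// Returns a list of problems; an empty list means the wiring matches the fix.
function checkTrustBundleWiring(deployment, configMap, containerName) {
  const podSpec = deployment.spec.template.spec;
  const container = podSpec.containers.find((c) => c.name === containerName);
  if (!container) return [`container ${containerName} not found`];

  const env = (container.env || []).find((e) => e.name === "NODE_EXTRA_CA_CERTS");
  if (!env || !env.value) return ["NODE_EXTRA_CA_CERTS is not set"];
  const cut = env.value.lastIndexOf("/");
  const dir = env.value.slice(0, cut);
  const file = env.value.slice(cut + 1);
  const problems = [];
  if (file !== BUNDLE_FILE) problems.push(`expected file name ${BUNDLE_FILE}, got ${file}`);

  // The variable must point into a mount that is backed by the labelled ConfigMap.
  const mount = (container.volumeMounts || []).find((m) => trimSlash(m.mountPath) === dir);
  if (!mount) return [...problems, `no volumeMount at ${dir}`];
  const volume = (podSpec.volumes || []).find((v) => v.name === mount.name);
  if (!volume || !volume.configMap)
    return [...problems, `volume ${mount.name} is not a ConfigMap volume`];
  if (volume.configMap.name !== configMap.metadata.name)
    problems.push(`volume uses ConfigMap ${volume.configMap.name}, not ${configMap.metadata.name}`);
  if ((configMap.metadata.labels || {})[INJECT_LABEL] !== "true")
    problems.push(`ConfigMap lacks label ${INJECT_LABEL}: "true"`);
  return problems;
}

// Constructed sample input mirroring the manifests on this page.
const sampleConfigMap = { metadata: { name: "trusted-ca", labels: { [INJECT_LABEL]: "true" } } };
const sampleDeployment = { spec: { template: { spec: {
  containers: [{
    name: "backstage", // assumed container name
    env: [{ name: "NODE_EXTRA_CA_CERTS", value: "/ca/ca-bundle.crt" }],
    volumeMounts: [{ mountPath: "/ca/", name: "trusted-ca", readOnly: true }],
  }],
  volumes: [{ name: "trusted-ca", configMap: { name: "trusted-ca", defaultMode: 420 } }],
} } } };

console.log(checkTrustBundleWiring(sampleDeployment, sampleConfigMap, "backstage"));
```

Node.js reads `NODE_EXTRA_CA_CERTS` only once, at process start, so the pod has to be restarted after the variable or the mount is changed.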