Bug 1719965
Summary: | TLS Keys Not Added to Registry Routes | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Adam Kaplan <adam.kaplan> | |
Component: | Image Registry | Assignee: | Oleg Bulatov <obulatov> | |
Status: | CLOSED ERRATA | QA Contact: | Wenjing Zheng <wzheng> | |
Severity: | medium | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 4.1.0 | CC: | aos-bugs | |
Target Milestone: | --- | |||
Target Release: | 4.2.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause: the operator uses Secret.StringData that are write-only field to get data
Consequence: the operator doesn't see the real data in the secret
Fix: use Secret.Data instead
Result: the operator sees the values
|
Story Points: | --- | |
Clone Of: | ||||
: | 1720270 (view as bug list) | Environment: | ||
Last Closed: | 2019-10-16 06:31:56 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1720270, 1730407 |
Description
Adam Kaplan
2019-06-12 20:25:23 UTC
Verified on 4.2.0-0.nightly-2019-06-25-222454 with below steps: 1. $openssl req -nodes -newkey rsa:2048 -keyout myregistry.key -out myregistry.crt -x509 2. $ oc create secret tls my-tls -n openshift-image-registry --cert myregistry.crt --key myregistry.key 3. $ oc edit config.imageregistry.operator.openshift.io/cluster spec: routes: - name: myregistry hostname: wzheng-route-openshift-image-registry.apps.qe-wewang-42.qe.devcluster.openshift.com secretName: my-tls 4. TLS can be seen as below: spec: host: wzheng-route-openshift-image-registry.apps.qe-wewang-42.qe.devcluster.openshift.com subdomain: "" tls: certificate: | -----BEGIN CERTIFICATE----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -----END CERTIFICATE----- key: | -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- termination: reencrypt Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922 |