Bug 1720270

Summary: [4.1] TLS Keys Not Added to Registry Routes
Product: OpenShift Container Platform Reporter: Oleg Bulatov <obulatov>
Component: Image RegistryAssignee: Oleg Bulatov <obulatov>
Status: CLOSED ERRATA QA Contact: Wenjing Zheng <wzheng>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: adam.kaplan, aos-bugs, sponnaga, wsun, wzheng
Target Milestone: ---   
Target Release: 4.1.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: 4.1.6
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: the operator uses Secret.StringData that are write-only field to get data Consequence: the operator doesn't see the real data in the secret Fix: use Secret.Data instead Result: the operator sees the values
 Story Points: ---
Clone Of: 1719965
: 1730407 (view as bug list) Environment:
Last Closed: 2019-07-23 18:12:07 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1719965    
Bug Blocks: 1730407    

Description Oleg Bulatov 2019-06-13 14:27:27 UTC 
+++ This bug was initially created as a clone of Bug #1719965 +++

Description of problem: TLS keys and certificates not added to image registry routes.


Version-Release number of selected component (if applicable): v4.1.0


How reproducible: Always


Steps to Reproduce:
1. Create a TLS keypair via openssl
2. Using the keypair, create a TLS secret in the image-registry namespace:
```
$ oc create secret tls my-tls -n image-registry --cert my-tls.crt --key my-tls.key1
```
3. Instruct the registry operator to create a route with the provided tls secret
```
$ oc edit config.imageregistry.operator.openshift/io/cluster
...
spec:
  routes:
  - name: registry-url
    hostname: registry.apps.mycluster.myorg.net
    secretName: my-tls
```

Actual results: 
Route `registry-url` is created without TLS certificates added.


Expected results:
Route `registry-url` should have the TLS key and certificate defined.


Additional info:

--- Additional comment from Oleg Bulatov on 2019-06-13 16:25:51 CEST ---

https://github.com/openshift/cluster-image-registry-operator/pull/299
Comment 1 Oleg Bulatov 2019-06-13 19:06:27 UTC 
https://github.com/openshift/cluster-image-registry-operator/pull/300
Comment 3 Wenjing Zheng 2019-07-08 03:02:04 UTC 
Verified on 4.1.0-0.nightly-2019-07-07-154416:
spec:
  host: wzheng-route-openshift-image-registry.apps.qe-wewang-42.qe.devcluster.openshift.com
  subdomain: ""
  tls:
    certificate: |
      -----BEGIN CERTIFICATE-----
     ........
      -----END CERTIFICATE-----
    key: |
      -----BEGIN PRIVATE KEY-----
      -----END PRIVATE KEY-----
    termination: reencrypt
Comment 5 errata-xmlrpc 2019-07-23 18:12:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1766