Bug 1796749
Summary: | Using `oc tag` with the internal registry results in x509: certificate signed by unknown authority | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Veer Muchandi <veer> |
Component: | ImageStreams | Assignee: | Oleg Bulatov <obulatov> |
Status: | CLOSED DUPLICATE | QA Contact: | XiuJuan Wang <xiuwang> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.3.z | CC: | adam.kaplan, aos-bugs, bparees, jokerman, wzheng |
Target Milestone: | --- | ||
Target Release: | 4.4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-02-02 21:14:28 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Veer Muchandi
2020-01-31 05:46:17 UTC
Oleg, I seem to recall we had issues w/ the apiserver not being able to import images from the internal registry via the external route because it didn't trust the router CA, but the apiserver ought to trust the internal server hostname, right? possible dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1788235 @bparees not a duplicate. 1788235 is tech debt identified by the apiserver team - the current CA mechanics should work as-is. I am not seeing a "image-import-ca" configmap in the apiserver namespace. So i think this logic got broken somehow: https://github.com/openshift/cluster-openshift-apiserver-operator/blob/master/pkg/operator/workloadcontroller/workload_controller_openshiftapiserver_v311_00.go#L277-L293 (when we fix this we need to add an e2e that confirms that we can import images from the internal registry... especially because there are plans to potentially refactor this CA management in the future). *** This bug has been marked as a duplicate of bug 1716835 *** |