Bug 1892127
| Summary: | path to the CA trust bundle ConfigMap is broken in report operator | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
| Component: | Metering Operator | Assignee: | tflannag |
| Status: | CLOSED ERRATA | QA Contact: | Peter Ruan <pruan> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 4.7 | CC: | aos-bugs, btofel, gparente, pruan, sd-operator-metering |
| Target Milestone: | --- | ||
| Target Release: | 4.6.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
When the cluster-wide Proxy has been enabled, Metering reconciles a ConfigMap with the `config.openshift.io/inject-trusted-cabundle="true"` annotation and the Cluster Networking Operator is reponsible for populating those ConfigMap contents with the merged user-provided and system CA bundles.
When mounting those ConfigMap contents in the reporting-operator Deployment, an invalid container filename was specified for the reporting-operator and oauth proxy sidecar container.
This resulted in an invalid symbolic link being established in the /etc/pki/tls/cert.pem, which the sidecar container is configured to trust. In some customer environments, Metering would be unable to work with the configured cluster-wide Proxy object.
After properly updating the container filename to match the recommendations in [1], that symbolic link was properly established again.
[1] https://docs.openshift.com/container-platform/4.5/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-11-30 16:27:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1890741 | ||
| Bug Blocks: | 1890733, 1900116 | ||
|
Comment 4
Peter Ruan
2020-11-26 01:01:53 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6.6 extras update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:5117 |