Bug 1981634

Summary: enhance service-ca injection
Product: OpenShift Container Platform Reporter: OpenShift BugZilla Robot <openshift-bugzilla-robot>
Component: service-caAssignee: David Eads <deads>
Status: CLOSED ERRATA QA Contact: liyao
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.9CC: aos-bugs, liyao, mfojtik, surbania, xxia
Target Milestone: ---   
Target Release: 4.7.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-07-26 17:35:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1981633    
Bug Blocks:    

Description OpenShift BugZilla Robot 2021-07-13 03:17:08 UTC 
+++ This bug was initially created as a clone of Bug #1981498 +++
Comment 3 liyao 2021-07-15 03:47:44 UTC 
Tested in 4.7.0-0.nightly-2021-07-13-223143 fresh env
$ oc get kubecontrollermanager cluster -o yaml | grep -i secure
# no output, this means secure mode is NOT used by default.
$ oc new-project testproj
$ oc get cm openshift-service-ca.crt -o yaml 
# annotation service.alpha.openshift.io/inject-vulnerable-legacy-cabundle: "true" is seen, and multiple certs in service-ca.crt field, this is as expected
Comment 4 Xingxing Xia 2021-07-15 04:03:38 UTC 
(In reply to liyao from comment #3)
> Tested in 4.7.0-0.nightly-2021-07-13-223143 fresh env
> $ oc get kubecontrollermanager cluster -o yaml | grep -i secure
> # no output, this means secure mode is NOT used by default.
FYI, need not test this. See the 4.7 PRs, 4.7 does not add this field, only 4.8+ add.
Comment 7 errata-xmlrpc 2021-07-26 17:35:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.21 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:2762
Comment 8 Red Hat Bugzilla 2023-09-15 01:11:20 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days