Bug 2015503

Summary: Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
Product: OpenShift Container Platform Reporter: dmoiseev
Component: Cloud ComputeAssignee: dmoiseev
Cloud Compute sub component: Cloud Controller Manager QA Contact: sunzhaohua <zhsun>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: aos-bugs, jspeed, padillon, zhsun
Version: 4.9   
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2015493 Environment:
Last Closed: 2021-12-13 12:06:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2015493    
Bug Blocks:    

Description dmoiseev 2021-10-19 11:43:50 UTC
+++ This bug was initially created as a clone of Bug #2015493 +++

Description of problem:

Cloud Controller Manager Operator does not respect `additionalTrustBundle`, which is quite critical on on-prem platforms such as Azure Stack. In case if such on-prem platform would be set up in a way when non system trusted CA was used to sign its endpoint SSL certificates cloud-controller-manager will not trust such endpoints and will not be able to perform it's duties (nodes initialization, etc).


Version-Release number of selected component (if applicable):
4.9, 4.10

How reproducible:
Always

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=2010921 - related installer BZ

Comment 3 Patrick Dillon 2021-12-07 00:50:34 UTC
Mike Gahagan and I verified this BZ together today. He left his LGTM on the PR.

Comment 4 sunzhaohua 2021-12-07 03:04:15 UTC
Based on Comment 3, move to Verified.

Comment 7 errata-xmlrpc 2021-12-13 12:06:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:5003