Bug 2038934
| Summary: | CSI driver operators should use the trusted CA bundle when cluster proxy is configured | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Fabio Bertinatto <fbertina> |
| Component: | Storage | Assignee: | Roman Bednář <rbednar> |
| Storage sub component: | Operators | QA Contact: | Wei Duan <wduan> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | medium | ||
| Priority: | medium | CC: | aos-bugs, jsafrane |
| Version: | 4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.10.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-03-10 16:38:09 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Fabio Bertinatto
2022-01-10 15:14:37 UTC
Bumps for other operators: CSO: https://github.com/openshift/cluster-storage-operator/pull/244 CSI Snapshot operator: https://github.com/openshift/cluster-csi-snapshot-controller-operator/pull/107 (Sorry for the multi-part description) In addition to that, we need to make sure all those operators support a custom CA bundle. This PR contains an example on how to fix that using library-go's function hooks: https://github.com/openshift/gcp-pd-csi-driver-operator/pull/41/commits Correction, this is the example PR: https://github.com/openshift/gcp-pd-csi-driver-operator/pull/40 jsafrane https://github.com/openshift/aws-ebs-csi-driver-operator jsafrane https://github.com/openshift/aws-efs-csi-driver-operator fbertina https://github.com/openshift/azure-disk-csi-driver-operator rbednar https://github.com/openshift/azure-file-csi-driver-operator rbednar https://github.com/openshift/openstack-cinder-csi-driver-operator rbednar https://github.com/openshift/csi-driver-manila-operator fbertina https://github.com/openshift/gcp-pd-csi-driver-operator dpryor https://github.com/openshift/vmware-vsphere-csi-driver-operator dpryor https://github.com/openshift/alibaba-disk-csi-driver-operator dpryor https://github.com/openshift/ibm-vpc-block-csi-driver-operator Verified pass on azure-disk and azure-file Currently Ali doen't support the http_proxy, so will check Ali CSI Driver when it is available. Right now, IBM and Ali CSI Driver did not support proxy env, will verify them when available. Will update the status to "Verified" as other CSIDriver passed, if hit the issue in IBM and Ali CSI Driver, I will file another bug to track. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |