Description of problem: user-ca-bundle under openshift-config is mounted to trusted-ca under openshift-image-registry, but imagestream return 509 error: $ oc describe is ruby -n openshift ! error: Import failed (InternalError): Internal error occurred: Get https://registry.redhat.io/v2/: proxyconnect tcp: x509: certificate signed by unknown authority 4 hours ago Version-Release number of selected component (if applicable): 4.2.0-0.nightly-2019-08-24-002347 How reproducible: always Steps to Reproduce: 1.Enable trusted CA for proxy cluster Trusted CA: Name: user-ca-bundle 2.Check "trusted-ca" under "openshift-image-registry" 3.Describe openshift imagestream Actual results: 509 error returns. Expected results: Should be imported. Additional info: It seems there is no trusted CA of cluster proxy mounted inside openshift-apiserver pod.
I believe the PR [1] is intended to fix it. [1]: https://github.com/openshift/cluster-openshift-apiserver-operator/pull/226
Verified on 4.2.0-0.nightly-2019-09-08-180038: Imagestream can be imported successfully in https_proxy enabled cluster.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922