+++ This bug was initially created as a clone of Bug #1788711 +++

Description of problem:
The ingress operator should publish the default certificate of the default IngressController to a ConfigMap for other operators to read. Once the ingress operator publishes the ConfigMap, other operators will read it and incorporate the default certificate into their trust bundles so that they can connect to Route resources. This will relieve the administrator of the need to configure the certificate that was used to sign the default certificate as a trusted CA on a cluster with a custom PKI.

Steps to Reproduce:
1. oc -n openshift-config-managed get configmaps/default-ingress-cert

Actual results:
The requested resource does not exist.

Expected results:
The resource should exist.

Additional info:
The feature is described in the following enhancement proposal:
https://github.com/openshift/enhancements/pull/126

It is implemented by the following PR, which will ship in 4.4:
https://github.com/openshift/cluster-ingress-operator/pull/331

The following PR backports the feature to 4.3:
https://github.com/openshift/cluster-ingress-operator/pull/336

Additional changes are required to the auth and console operators to read the new ConfigMap. This Bugzilla report covers only the ingress operator.
Verified with 4.4.0-0.nightly-2020-02-02-201619 and passed.

$ oc -n openshift-config-managed get cm/default-ingress-cert
NAME                   DATA   AGE
default-ingress-cert   1      129m

After deleting and recreating the default ingresscontroller, the cm/default-ingress-cert can be updated as well.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581