Bug 1892127 - path to the CA trust bundle ConfigMap is broken in report operator
Summary: path to the CA trust bundle ConfigMap is broken in report operator
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Metering Operator
Version: 4.7
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.6.z
Assignee: tflannag
QA Contact: Peter Ruan
URL:
Whiteboard:
Depends On: 1890741
Blocks: 1890733 1900116
TreeView+ depends on / blocked
 
Reported: 2020-10-28 01:03 UTC by OpenShift BugZilla Robot
Modified: 2020-11-30 16:27 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
When the cluster-wide Proxy has been enabled, Metering reconciles a ConfigMap with the `config.openshift.io/inject-trusted-cabundle="true"` annotation and the Cluster Networking Operator is reponsible for populating those ConfigMap contents with the merged user-provided and system CA bundles. When mounting those ConfigMap contents in the reporting-operator Deployment, an invalid container filename was specified for the reporting-operator and oauth proxy sidecar container. This resulted in an invalid symbolic link being established in the /etc/pki/tls/cert.pem, which the sidecar container is configured to trust. In some customer environments, Metering would be unable to work with the configured cluster-wide Proxy object. After properly updating the container filename to match the recommendations in [1], that symbolic link was properly established again. [1] https://docs.openshift.com/container-platform/4.5/networking/configuring-a-custom-pki.html#certificate-injection-using-operators_configuring-a-custom-pki
Clone Of:
Environment:
Last Closed: 2020-11-30 16:27:16 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kube-reporting metering-operator pull 1422 0 None closed [release-4.6] Bug 1892127: Fix the path to the CA trust bundle ConfigMap 2020-11-23 19:35:45 UTC
Red Hat Knowledge Base (Solution) 5518821 0 None None None 2020-10-29 15:57:16 UTC
Red Hat Product Errata RHBA-2020:5117 0 None None None 2020-11-30 16:27:25 UTC

Comment 4 Peter Ruan 2020-11-26 01:01:53 UTC 
verified with 4.6.0-0.nightly-2020-11-22-160856 following the same procedures in the parent bug# 1890741
Comment 6 errata-xmlrpc 2020-11-30 16:27:16 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6.6 extras update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5117
Note You need to log in before you can comment on or make changes to this bug.