Description of problem:
The cluster-image-registry-operator does not trust the cluster's CA trust bundle.

Version-Release number of selected component (if applicable):
4.6.0, 4.6.1

How reproducible:
Always

Steps to Reproduce:
1. install the cluster

Actual results:
The cluster-image-registry-operator doesn't have the message Overwriting root TLS certificate authority trust in its logs and it doesn't trust the cluster's CA trust bundle.

Expected results:
The operator overwrites TLS certificate authority trust with the user-provided CA bundle and uses it.

Additional info:
Initially reported on GitHub: https://github.com/openshift/cluster-image-registry-operator/issues/630
The below warning can be found in the operator log, and I can see the user-ca-bundle content in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:

Overwriting root TLS certificate authority trust store

sh-4.4$ diff /var/run/configmaps/trusted-ca/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
sh-4.4$

Verified on 4.7.0-0.nightly-2020-11-09-190845.
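A more general form of the diff check in the comment above, as an added example that is not part of the original bug report or the operator's code: it compares the two bundles by certificate fingerprint, so ordering and line wrapping do not matter and any CA missing from the trust store is listed. The function names and the constructed sample PEM blocks are assumptions; the two paths are the ones from the comment.

```python
import base64
import hashlib
import os
import re
import sys

# Paths taken from the verification comment above.
MOUNTED = "/var/run/configmaps/trusted-ca/tls-ca-bundle.pem"
EXTRACTED = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def fingerprints(pem_text):
    """SHA-256 fingerprint of the DER bytes of every certificate block in a bundle."""
    prints = set()
    for body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))  # tolerate any line wrapping
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def missing_from_store(mounted_text, store_text):
    """Fingerprints in the mounted (user-provided) bundle that the store lacks."""
    return sorted(fingerprints(mounted_text) - fingerprints(store_text))


def fake_cert(payload):
    # Constructed stand-in: PEM armour around arbitrary bytes, not a real X.509 cert.
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    if os.path.exists(MOUNTED) and os.path.exists(EXTRACTED):
        with open(MOUNTED) as m, open(EXTRACTED) as s:
            mounted, store = m.read(), s.read()
    else:
        # Constructed sample: the store lacks the user CA, as in the reported bug.
        mounted = fake_cert(b"constructed-user-ca")
        store = fake_cert(b"constructed-default-ca")
    missing = missing_from_store(mounted, store)
    for fp in missing:
        print("not in trust store:", fp)
    print("OK" if not missing else f"{len(missing)} CA(s) not trusted")
    sys.exit(1 if missing else 0)
```

Run inside the operator container, it exits non-zero when a CA from the mounted bundle is absent from the extracted trust store.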
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633