Description of problem:
The cluster-image-registry-operator does not trust the cluster's CA trust bundle.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install the cluster
The cluster-image-registry-operator doesn't have the message
Overwriting root TLS certificate authority trust
in its logs and it doesn't trust the cluster's CA trust bundle.
The operator overwrites TLS certificate authority trust with the user-provided CA bundle and uses it.
Initially reported on GitHub: https://github.com/openshift/cluster-image-registry-operator/issues/630
Below warning can be found in operator log and I can see user-ca-bundle content in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:
Overwriting root TLS certificate authority trust store
sh-4.4$ diff /var/run/configmaps/trusted-ca/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Verified on 4.7.0-0.nightly-2020-11-09-190845.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.