The determination about whether a custom CA bundle is being used is assessed when the operator starts. This can lead to incorrect behavior if the kube-cloud-config ConfigMap has not yet been created in the openshit-config-managed namespace when the operator starts.
verified. PASS OCP version: 4.7.0-0.nightly-2021-02-05-005950 verify steps: 1. install c2s cluster 2. ca-bundle.pem exists in cm openshift-config-managed/kube-cloud-config 3. ca-bundle.pem exists in cm openshift-config/cloud-provider-config 4. CA bundle in deployment openshift-cluster-csi-drivers/aws-ebs-csi-driver-controller <--snip--> { "mountPath": "/etc/ca", "name": "ca-bundle", "readOnly": true } <--snip--> { "name": "AWS_CA_BUNDLE", "value": "/etc/ca/ca-bundle.pem" } <--snip--> 5. remove ca-bundle.pem from openshift-config/cloud-provider-config 6. ca-bundle.pem not exists in cm openshift-config-managed/kube-cloud-config 7. CA bundle not used in deployment openshift-cluster-csi-drivers/aws-ebs-csi-driver-controller 8. add ca-bundle.pem to openshift-config/cloud-provider-config 9. ca-bundle.pem exists in cm openshift-config-managed/kube-cloud-config, and its value is up to date. 10. CA bundle in deployment openshift-cluster-csi-drivers/aws-ebs-csi-driver-controller, and its value is up to date.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633