Description of problem: When setting the environment variable SERVE_HTTPS to "False" in the assisted-service-operator subscription, it is still set to "True" in the assisted-service container. How reproducible: 100% Steps to Reproduce: 1. Create a subscription with environment variable SERVE_HTTPS set to "False" 2. Check assisted-service container once you have applied the agentserviceconfig and the pod starts Actual results: bash-4.4$ echo $SERVE_HTTPS True Expected results: bash-4.4$ echo $SERVE_HTTPS False Additional info:
I think this is working as intended. Only some environment variables get propagated. We should update the docs here to clarify: https://github.com/openshift/assisted-service/blob/913aba6/docs/operator.md#subscription-config If your goal is to serve the API without TLS, this will get you that for now: https://github.com/openshift/assisted-service/pull/1581
We aren't going to add more items to the "whitelist" of environment variables we will pass from the subscription.spec.config (specifically subscription.spec.config.env) -> assisted-service container. However, we will be addressing this bug by allowing an "unsupported.agent-install.openshift.io/assisted-service-config" annotation on the AgentServiceConfig that is the name of the configmap to be used as EnvFrom on the assisted-service container.
Verified
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438