Bug 1970405 - [4.8.0] AgentServiceConfig mirror registry requires both ca-bundle.crt and registries.conf
Summary: [4.8.0] AgentServiceConfig mirror registry requires both ca-bundle.crt and re...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: unspecified
Version: rhacm-2.3.z
Hardware: x86_64
OS: Linux
high
high
Target Milestone: ---
: rhacm-2.3.1
Assignee: David Zager
QA Contact: Chad Crum
URL:
Whiteboard: AI-Team-Platform
Depends On: 1970063
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-06-10 12:30 UTC by Ronnie Lazar
Modified: 2021-09-20 22:26 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of: 1970063
Environment:
Last Closed: 2021-09-20 22:26:56 UTC
Target Upstream Version:
Embargoed:
ming: rhacm-2.3.z+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github open-cluster-management backlog issues 15797 0 None None None 2021-09-02 19:26:02 UTC
Github openshift assisted-service pull 2151 0 None open [ocm-2.3] BUG 1970405: Don't force ca-bundle.crt when mirroring 2021-07-02 04:49:51 UTC
Red Hat Bugzilla 1970063 1 high CLOSED [master] AgentServiceConfig mirror registry requires both ca-bundle.crt and registries.conf 2021-10-18 17:33:39 UTC

Description Ronnie Lazar 2021-06-10 12:30:58 UTC 
+++ This bug was initially created as a clone of Bug #1970063 +++

Description of problem:
Currently the AgentServiceConfig mirror registry method [1] requires a configmap containing both ca-bundle.crt and registries.conf to configure. In certain cases only one or the other is needed, but both are required to work. The only alternative is to reference a dummy certificate or dummy registries.conf in these situations.

IgnitionConfig overrides is not always a good solution as the AgentServiceConfig mirror registry method passes the changes to the OCP install-config.yaml as well

[1] https://github.com/openshift/assisted-service/blob/master/docs/operator.md#mirror-registry-configuration

Version-Release number of selected component (if applicable):
Latest assisted operator upstream

How reproducible:
100%

Steps to Reproduce:
1. 
2.
3.

Actual results:


Expected results:


Additional info:

Use cases:
- Customer mirror registry has an official CA signed certificate, so they do not need to add an additional cert, but do not a registries.conf for mirroring

- Customer is not in a disconnected environment (no need for self signed cert) but do need to include image mapping both in registries.conf and install-config.yaml for dev/testing purposes
Comment 3 Chad Crum 2021-07-07 12:56:58 UTC 
Bug is fixed u/s - Waiting for D/S build to validate.
Comment 4 Chad Crum 2021-07-07 13:04:31 UTC 
Also this bug does not block the 4.8.0 release.
Comment 13 ximhan 2021-08-20 07:26:57 UTC 
OpenShift engineering has decided to NOT ship 4.8.6 on 8/23 due to the following issue.
https://bugzilla.redhat.com/show_bug.cgi?id=1995785
All the fixes part will be now included in 4.8.7 on 8/30.
Comment 20 Mike Ng 2021-09-07 14:28:35 UTC 
G2Bsync 912701930 comment 
 CrystalChun Fri, 03 Sep 2021 17:39:55 UTC 
 G2Bsync Fix was shipped as part of ACM 2.3 GA
Picked up in https://github.com/open-cluster-management/backlog/issues/14081
Note You need to log in before you can comment on or make changes to this bug.