Bug 2015493 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
Summary: Cloud Controller Manager Operator does not respect 'additionalTrustBundle' se...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.10
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.10.0
Assignee: Joel Speed
QA Contact: Milind Yadav
URL:
Whiteboard:
Depends On:
Blocks: 2015503
TreeView+ depends on / blocked
 
Reported: 2021-10-19 10:58 UTC by dmoiseev
Modified: 2022-04-11 08:33 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 2015503 (view as bug list)
Environment:
Last Closed: 2022-03-10 16:20:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-cloud-controller-manager-operator pull 136 0 None Merged Bug 2015493: [OCPCLOUD-1306] User CA bundle sync controller 2021-10-19 11:06:56 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:20:43 UTC

Description dmoiseev 2021-10-19 10:58:45 UTC 
Description of problem:

Cloud Controller Manager Operator does not respect `additionalTrustBundle`, which is quite critical on on-prem platforms such as Azure Stack. In case if such on-prem platform would be set up in a way when non system trusted CA was used to sign its endpoint SSL certificates cloud-controller-manager will not trust such endpoints and will not be able to perform it's duties (nodes initialization, etc).


Version-Release number of selected component (if applicable):
4.9, 4.10

How reproducible:
Always

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=2010921 - related installer BZ
Comment 2 sunzhaohua 2021-12-07 01:42:06 UTC 
Patrick Dillon and Mike Gahagan verified this bug today. Move to verified.
Comment 5 errata-xmlrpc 2022-03-10 16:20:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056
Note You need to log in before you can comment on or make changes to this bug.