Bug 2015503 - Cloud Controller Manager Operator does not respect 'additionalTrustBundle' setting
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Target Release: 4.9.z
Assignee: dmoiseev
QA Contact: sunzhaohua
Depends On: 2015493
Reported: 2021-10-19 11:43 UTC by dmoiseev
Modified: 2022-04-11 08:33 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2015493
Last Closed: 2021-12-13 12:06:24 UTC
Target Upstream Version:

| System | ID | Private | Priority | Status | Summary | Last Updated |
|---|---|---|---|---|---|---|
| Github | openshift cluster-cloud-controller-manager-operator pull 138 | 0 | None | open | [release-4.9] Bug 2015503: User CA bundle sync controller | 2021-10-29 10:41:08 UTC |
| Red Hat Product Errata | RHBA-2021:5003 | 0 | None | None | None | 2021-12-13 12:06:38 UTC |

Description dmoiseev 2021-10-19 11:43:50 UTC
+++ This bug was initially created as a clone of Bug #2015493 +++

Description of problem:

Cloud Controller Manager Operator does not respect `additionalTrustBundle`, which is quite critical on on-prem platforms such as Azure Stack. If such an on-prem platform is set up so that a non-system-trusted CA was used to sign its endpoint SSL certificates, cloud-controller-manager will not trust those endpoints and will not be able to perform its duties (node initialization, etc.).

Version-Release number of selected component (if applicable):
4.9, 4.10

How reproducible:

Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=2010921 - related installer BZ

Comment 3 Patrick Dillon 2021-12-07 00:50:34 UTC
Mike Gahagan and I verified this BZ together today. He left his LGTM on the PR.

Comment 4 sunzhaohua 2021-12-07 03:04:15 UTC
Based on Comment 3, move to Verified.

Comment 7 errata-xmlrpc 2021-12-13 12:06:24 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

