I've now discovered that the cluster-samples-operator doesn't seem honour the proxy settings, and I see lots of errors in the cluster-samples-operator-xxxx pod logs
time="2019-11-12T04:15:49Z" level=warning msg="Image import for imagestream dotnet tag 2.1 generation 2 failed with detailed message Internal error occurred: Get https://registry.redhat.io/v2/
: x509: certificate signed by unknown authority"
Is there a way to get that operator to use the same user-ca-bundle?
Samples operator just reports the status of the sample imagestreams. It does not actually execute the imagestream import, and thus is not the controller that consumes the user-ca-bundle.
Imagestream import is a function of the imagestream controller in the openshift-controller-manager and the internal image registry.
That said, my understanding was those items should consume global CA / cluster image configuration as well.
The folks on here already, plus Oleg, who I have now included, can elaborate. My quick scan of the docs did not find where that was explained.
Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?
you should be able to. Daneyon can you confirm? (if you can't i'd consider it a bug).
It does work! Thanks for that. user-ca-bundle already existed and had my certificate in there, I just needed to reference user-ca-bundle in the proxy config.
users mailing list
users lists openshift redhat com