Re: How to use extra trusted CA certs when pulling images for a builder

On Mon, Nov 11, 2019 at 11:27 PM Joel Pearson <japearson agiledigital com au> wrote:
I've now discovered that the cluster-samples-operator doesn't seem to honour the proxy settings, and I see lots of errors in the cluster-samples-operator-xxxx pod logs:

time="2019-11-12T04:15:49Z" level=warning msg="Image import for imagestream dotnet tag 2.1 generation 2 failed with detailed message Internal error occurred: Get https://registry.redhat.io/v2/: x509: certificate signed by unknown authority"

Is there a way to get that operator to use the same user-ca-bundle?

Samples operator just reports the status of the sample imagestreams.  It does not actually execute the imagestream import, and thus is not the controller that consumes the user-ca-bundle.

Imagestream import is a function of the imagestream controller in the openshift-controller-manager and the internal image registry.

That said, my understanding was those items should consume global CA / cluster image configuration as well.

The folks on here already, plus Oleg, who I have now included, can elaborate.  My quick scan of the docs did not find where that was explained.

On Tue, 12 Nov 2019 at 14:46, Joel Pearson <japearson agiledigital com au> wrote:

On Tue, 12 Nov 2019 at 06:56, Ben Parees <bparees redhat com> wrote:

Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?

You should be able to.  Daneyon, can you confirm?  (If you can't, I'd consider it a bug.)

It does work! Thanks for that. user-ca-bundle already existed and had my certificate in there; I just needed to reference user-ca-bundle in the proxy config.

apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  name: cluster
spec:
  trustedCA:
    name: user-ca-bundle

