[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How to use extra trusted CA certs when pulling images for a builder





On Mon, Nov 11, 2019 at 11:27 PM Ben Parees <bparees redhat com> wrote:


On Mon, Nov 11, 2019 at 10:47 PM Joel Pearson <japearson agiledigital com au> wrote:


On Tue, 12 Nov 2019 at 06:56, Ben Parees <bparees redhat com> wrote:
 

Can I use the “trustedCA” part of the proxy configuration without actually specifying an explicit proxy?

you should be able to.  Daneyon can you confirm?  (if you can't i'd consider it a bug).

It does work! Thanks for that. user-ca-bundle already existed and had my certificate in there, I just needed to reference user-ca-bundle in the proxy config.

cool, given that you supplied the CAs during install, and the user-ca-bundle CM was created, i'm a little surprised the install didn't automatically setup the reference in the proxyconfig resource for you.  I'm guessing it did not because there was no actual proxy hostname configured.  I think that's a gap we should close..would you mind filing a bug?  (bugzilla.redhat.com).  You can submit it against the install component.

fyi I've filed a bug for this aspect of the issues you ran into:
https://bugzilla.redhat.com/show_bug.cgi?id=1771564

we still need to chase down the issues you hit with respect to the various CAs (the cluster proxy CA config and the image CA config) seemingly not being used during image import, there are no tracker bugs for those yet but Oleg is investigating.

 

 

apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
  name: cluster
spec:
  trustedCA:
    name: user-ca-bundle


--
Ben Parees | OpenShift



--
Ben Parees | OpenShift


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]