Bug 2010921: Azure Stack: add trust bundle to cloud config #5248
Conversation
Adds CA for self-signed certs to the cloud provider config on Azure Stack Hub platform.
|
@patrickdillon Since the e2e job for ASH is not working at the moment, can you show me with a local installation that the CA is making it into the configmap in the openshift-config and openshift-config-managed namespaces? |
Will do. I'm assuming the managed config is created after bootstrap, so I can't test it right now due to our main ASH environment being down. Will get on it ASAP |
|
/test e2e-azurestack-upi |
|
/test e2e-azurestack |
patrickdillon
changed the title
openshift-ci
bot
added
the
bugzilla/severity-high
|
@patrickdillon: This pull request references Bugzilla bug 2010921, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla (gpei@redhat.com), skipping review request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
bugzilla/valid-bug
|
/test e2e-azurestack-upi |
1 similar comment
|
/test e2e-azurestack-upi |
|
@patrickdillon: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
These changes are being carried through to the managed config: and the installer-created config: @staebler I think we are ready to merge this. I tested this in conjunction with openshift/cluster-cloud-controller-manager-operator#136 and was able to successfully run the CCMO |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: staebler The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: staebler The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
/retest-required Please review the full test history for this PR and help us cut down flakes. |
|
@patrickdillon: All pull requests linked via external trackers have merged: Bugzilla bug 2010921 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherry-pick release-4.9 |
|
@patrickdillon: new pull request created: #5318 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@patrickdillon , for the initial bootstrap vm, you might consider changing the location information for the BOOTSTRAP_URL from https to http, e.g. |
6 participants
Adds CA for self-signed certs to the cloud provider config on Azure Stack Hub platform. Some environments, such as our internal dedicated Azure Stack environment, may use self-signed certs for the
armEndpoint. This PR takes a bundle frominstallConfig.additionalTrustBundleand adds it to the cloud provider config with the keyca-bundle.pem.$ head ash-ca-bundle/m/manifests/cloud-provider-config.yaml apiVersion: v1 data: ca-bundle.pem: | -----BEGIN CERTIFICATE----- MIIDgjCCAmqgAwIBAgIQdrn6bdq60qRPxujNuJEL0DANBgkqhkiG9w0BAQsFADBA MRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxFjAUBgoJkiaJk/IsZAEZFgZ3d3RhdGMx DzANBgNVBAMTBkFUQy1DQTAeFw0xNTA5MDgxNTM2NThaFw0yNTA5MDgxNTQ2NTda MEAxFTATBgoJkiaJk/IsZAEZFgVsb2NhbDEWMBQGCgmSJomT8ixkARkWBnd3dGF0 YzEPMA0GA1UEAxMGQVRDLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAxyGyv2thsIXb5sn3FucF1NnCLMSMPGCpGr8i6QOoCi1Ct22ooFpofLgf05w0I will create a BZ soon.