New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #40
Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod #40
Conversation
Signed-off-by: Roy Golan <rgolan@redhat.com>
oVirt API over SSL should be verified against a proper CA. It is expected by the deployment to pass the CA bundle that container oVirt's CA and keep it in ovirt-credentials secret, under 'ovirt_ca_bundle'. When it's there, save it to disk, and use it as the api connection CA file. Another option was to seriailize the secret and extract the CA bundle directly to /etc/ssl/certs but that mandates a deployment change, and moving that logic to the deployment part. If the CA bundle doesn't exist the deploymnent can still handle that by changing the CA sources on the container. Signed-off-by: Roy Golan <rgolan@redhat.com>
@rgolangh: This pull request references Bugzilla bug 1811760, which is invalid:
Comment In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@rgolangh: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@bennyz PTAL |
@rgolangh: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/bugzilla refresh |
@sdodson: No Bugzilla bug is referenced in the title of this pull request. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retitle Bug 1794313: Some cluster operators fail to come up because RHV CA is not trusted by a pod |
@rgolangh: This pull request references Bugzilla bug 1794313, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bennyz, rgolangh The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@rgolangh: All pull requests linked via external trackers have merged. Bugzilla bug 1794313 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick 4.4 |
@rgolangh: cannot checkout 4.4: error checking out 4.4: exit status 1. output: error: pathspec '4.4' did not match any file(s) known to git. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/cherry-pick release-4.4 |
@rgolangh: new pull request created: #42 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
oVirt API over SSL should be verified against a proper CA. It is expected
by the deployment to pass the CA bundle that container oVirt's CA and keep
it in ovirt-credentials secret, under 'ovirt_ca_bundle'.
When it's there, save it to disk, and use it as the api connection CA file.
Another option was to seriailize the secret and extract the CA bundle
directly to /etc/ssl/certs but that mandates a deployment change, and
moving that logic to the deployment part.
If the CA bundle doesn't exist the deploymnent can still handle that by
changing the CA sources on the container.