On Mon, Nov 11, 2019 at 11:26 PM Joel Pearson <japear...@agiledigital.com.au>
wrote:

> I've now discovered that the cluster-samples-operator doesn't seem to honour
> the proxy settings, and I see lots of errors in the
> cluster-samples-operator-xxxx pod logs
>
> time="2019-11-12T04:15:49Z" level=warning msg="Image import for
> imagestream dotnet tag 2.1 generation 2 failed with detailed message
> Internal error occurred: Get https://registry.redhat.io/v2/: x509:
> certificate signed by unknown authority"
>
> Is there a way to get that operator to use the same user-ca-bundle?
>

Image import should be using those CAs (it's really about the
openshift-apiserver, not the samples operator) automatically (sounds like
another potential bug, but I'll let Oleg weigh in on this one).

However, barring that, you can use the mechanism described here to
set up additional CAs for importing from registries:
https://docs.openshift.com/container-platform/4.2/openshift_images/image-configuration.html#images-configuration-file_image-configuration

You can follow the more detailed instructions here:
https://docs.openshift.com/container-platform/4.2/builds/setting-up-trusted-ca.html#configmap-adding-ca_setting-up-trusted-ca

(Brandi/Adam, we should really include the example from that second link
in the general "image resource configuration" page from the first link).

Unfortunately it does not allow you to reuse the user-ca-bundle CM since
the format of the CM is a bit different (needs an entry per registry
hostname).



>
> On Tue, 12 Nov 2019 at 14:46, Joel Pearson <japear...@agiledigital.com.au>
> wrote:
>
>>
>>
>> On Tue, 12 Nov 2019 at 06:56, Ben Parees <bpar...@redhat.com> wrote:
>>
>>>
>>>
>>>>
>>>> Can I use the “trustedCA” part of the proxy configuration without
>>>> actually specifying an explicit proxy?
>>>>
>>>
>>> You should be able to.  Daneyon, can you confirm?  (If you can't, I'd
>>> consider it a bug).
>>>
>> It does work! Thanks for that. user-ca-bundle already existed and had my
>> certificate in there, I just needed to reference user-ca-bundle in the
>> proxy config.
>>
>> apiVersion: config.openshift.io/v1
>> kind: Proxy
>> metadata:
>>   name: cluster
>> spec:
>>   trustedCA:
>>     name: user-ca-bundle
>>
>
>
>

-- 
Ben Parees | OpenShift
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
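
The per-registry ConfigMap format mentioned in the reply above, as an added example that is not part of the original thread: it builds the `additionalTrustedCA` ConfigMap with one key per registry hostname from a PEM file. The ConfigMap name `registry-cas`, the function names and the sample PEM body are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. "registry-cas" and the function names
# are assumptions; the PEM body below is constructed, not a real certificate.

# ConfigMap keys cannot contain ':', so a registry with a port is written
# as "host..port" (for example registry.example.com..5000).
registry_key() {
  printf '%s\n' "$1" | sed 's/:/../'
}

# registry_ca_configmap NAME HOST[:PORT] PEM_FILE
# Prints a ConfigMap for the openshift-config namespace with one key per
# registry hostname, unlike user-ca-bundle, which has a single ca-bundle.crt key.
registry_ca_configmap() {
  name=$1 host=$2 pem=$3
  [ -s "$pem" ] || { echo "CA file '$pem' is missing or empty" >&2; return 1; }
  grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
    { echo "'$pem' does not look like PEM" >&2; return 1; }
  cat <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  name: $name
  namespace: openshift-config
data:
  $(registry_key "$host"): |
EOF
  sed 's/^/    /' "$pem"   # indent the PEM under the block scalar
}

# Demo with a constructed PEM file.
demo_pem=$(mktemp)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
  '-----END CERTIFICATE-----' > "$demo_pem"
registry_ca_configmap registry-cas registry.redhat.io "$demo_pem"
rm -f "$demo_pem"

# On a cluster, apply the manifest and point the image config at it:
#   registry_ca_configmap registry-cas registry.redhat.io ca.crt | oc apply -f -
#   oc patch image.config.openshift.io/cluster --type=merge \
#     -p '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}'
```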
