On Mon, Dec 2, 2019 at 3:32 AM Ben Parees <bpar...@redhat.com> wrote:
> 1) If you define a proxy config with additional CAs, those CAs will be used > during imagestream import (as well as consumed by many other components). > This is true even if you don't have a proxy, so you so can define a dummy > proxy config that has no "http/httpsProxy" values but just has a reference to > your additional CA bundle. If you are doing it at install time, I think you > have to provide a dummy "noProxy" value, this will trick the installer into > setting up a proxyconfig that references the additionalTrustBundle you > provided in the install-config. Wouldn't it make sense to do this if there's an additionalTrustBundle to be found in the install-config? From a usability perspective, I probably want that CA bundle to be used throughout the installed system as well without having to define a non-existent proxy. Moreover, thinking of $DAYJOB - we very well may (haven't decided yet) allow that proxy configuration to point to a real proxy that can access the Internet (however doesn't mangle certs - our app proxy is not a MITM proxy), but our registries and such internally are signed by an internal CA. Would the noProxy list also allow those CA's that are in the proxy config? _______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
