Bug 1866818: Set proxy.config/cluster spec.trustedCA if have CA

[Miciah]

An install config may specify an additional trusted bundle without specifying any proxy configuration. Before this change, such an install config would produce a user-ca-bundle configmap but would not configure anything to use it. After this change, such an install config produces the user-ca-bundle configmap and also adds a reference to the configmap in the spec.trustedCA field of the proxy.config/cluster object. As a result, cluster-network-operator will read user-ca-bundle and inject the additional trusted bundle into the trusted-ca-bundle configmap, which other operators, such as the authentication operator, use.

• pkg/asset/manifests/proxy.go (Generate): Set spec.trustedCA if the install config specifies an additional trusted bundle, irrespective of whether proxy configuration is specified.

[openshift-ci-robot]

@Miciah: This pull request references Bugzilla bug 1866818, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.6.0) matches configured target release for branch (4.6.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

Details

In response to this:

Bug 1866818: Set proxy.config/cluster spec.trustedCA if have CA

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign sdodson
You can assign the PR to them by writing /assign @sdodson in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[wking]

Dup of #2658 (which includes some of the backstory around its rejection)?

[openshift-ci-robot]

@Miciah: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-metal-ipi	a92030e	link	/test e2e-metal-ipi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Miciah]

Ah, you're right. This means https://docs.openshift.com/container-platform/4.5/networking/configuring-a-custom-pki.html is completely wrong, doesn't it?
/close

[openshift-ci-robot]

@Miciah: Closed this PR.

Details

In response to this:

Ah, you're right. This means https://docs.openshift.com/container-platform/4.5/networking/configuring-a-custom-pki.html is completely wrong, doesn't it?
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@Miciah: This pull request references Bugzilla bug 1866818. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

Bug 1866818: Set proxy.config/cluster spec.trustedCA if have CA

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.