Skip to content

Commit c671827

Browse files
committed
rename AddToRootCAs to CombineCaBundle + add the const InjectedBundleCertCAFile which is /etc/ocp-injected-ca-bundle/ca-bundle.crt +
assign r.ApplyCAsToPods to be the new constant (will be NODE_EXTRA_CA_CERTS eventually) Signed-off-by: shirady <[email protected]> (cherry picked from commit 41215ae64ada1a5c7cd5a85322201e64a2945fda)
1 parent b07cbc2 commit c671827

File tree

3 files changed

+9
-6
lines changed

3 files changed

+9
-6
lines changed

pkg/options/options.go

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -49,8 +49,11 @@ const (
4949
// SystemName is a constant as we want just a single system per namespace
5050
SystemName = "noobaa"
5151

52-
// ServiceServingCertCAFile points to OCP root CA to be added to the default root CA list
52+
// ServiceServingCertCAFile points to OCP default root CA list
5353
ServiceServingCertCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
54+
55+
// InjectedBundleCertCAFile points to OCP root CA to be added to the default root CA list
56+
InjectedBundleCertCAFile = "/etc/ocp-injected-ca-bundle/ca-bundle.crt"
5457
)
5558

5659
// Namespace is the target namespace for locating the noobaa system

pkg/system/reconciler.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -404,9 +404,9 @@ func (r *Reconciler) Reconcile() (reconcile.Result, error) {
404404
}
405405
}
406406

407-
err = util.AddToRootCAs(options.ServiceServingCertCAFile)
407+
err = util.CombineCaBundle(options.ServiceServingCertCAFile)
408408
if err == nil {
409-
r.ApplyCAsToPods = options.ServiceServingCertCAFile
409+
r.ApplyCAsToPods = options.InjectedBundleCertCAFile
410410
} else if !os.IsNotExist(err) {
411411
log.Errorf("❌ NooBaa %q failed to add root CAs to system default", r.NooBaa.Name)
412412
res.RequeueAfter = 3 * time.Second

pkg/util/util.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -142,8 +142,8 @@ var (
142142
}
143143
)
144144

145-
// AddToRootCAs adds a local cert file to Our GlobalCARefreshingTransport
146-
func AddToRootCAs(localCertFile string) error {
145+
// CombineCaBundle combines a local cert file to Our GlobalCARefreshingTransport
146+
func CombineCaBundle(localCertFile string) error {
147147
rootCAs, _ := x509.SystemCertPool()
148148
if rootCAs == nil {
149149
rootCAs = x509.NewCertPool()
@@ -168,7 +168,7 @@ func AddToRootCAs(localCertFile string) error {
168168
}
169169

170170
// Trust the augmented cert pool in our client
171-
log.Infof("Successfuly appended %q to RootCAs", certFile)
171+
log.Infof("Successfully appended %q to RootCAs", certFile)
172172
}
173173
GlobalCARefreshingTransport.TLSClientConfig.RootCAs = rootCAs
174174
return nil

0 commit comments

Comments
 (0)