File tree Expand file tree Collapse file tree 3 files changed +9
-6
lines changed Expand file tree Collapse file tree 3 files changed +9
-6
lines changed Original file line number Diff line number Diff line change @@ -49,8 +49,11 @@ const (
49
49
// SystemName is a constant as we want just a single system per namespace
50
50
SystemName = "noobaa"
51
51
52
- // ServiceServingCertCAFile points to OCP root CA to be added to the default root CA list
52
+ // ServiceServingCertCAFile points to OCP default root CA list
53
53
ServiceServingCertCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"
54
+
55
+ // InjectedBundleCertCAFile points to OCP root CA to be added to the default root CA list
56
+ InjectedBundleCertCAFile = "/etc/ocp-injected-ca-bundle/ca-bundle.crt"
54
57
)
55
58
56
59
// Namespace is the target namespace for locating the noobaa system
Original file line number Diff line number Diff line change @@ -404,9 +404,9 @@ func (r *Reconciler) Reconcile() (reconcile.Result, error) {
404
404
}
405
405
}
406
406
407
- err = util .AddToRootCAs (options .ServiceServingCertCAFile )
407
+ err = util .CombineCaBundle (options .ServiceServingCertCAFile )
408
408
if err == nil {
409
- r .ApplyCAsToPods = options .ServiceServingCertCAFile
409
+ r .ApplyCAsToPods = options .InjectedBundleCertCAFile
410
410
} else if ! os .IsNotExist (err ) {
411
411
log .Errorf ("❌ NooBaa %q failed to add root CAs to system default" , r .NooBaa .Name )
412
412
res .RequeueAfter = 3 * time .Second
Original file line number Diff line number Diff line change @@ -142,8 +142,8 @@ var (
142
142
}
143
143
)
144
144
145
- // AddToRootCAs adds a local cert file to Our GlobalCARefreshingTransport
146
- func AddToRootCAs (localCertFile string ) error {
145
+ // CombineCaBundle combines a local cert file to Our GlobalCARefreshingTransport
146
+ func CombineCaBundle (localCertFile string ) error {
147
147
rootCAs , _ := x509 .SystemCertPool ()
148
148
if rootCAs == nil {
149
149
rootCAs = x509 .NewCertPool ()
@@ -168,7 +168,7 @@ func AddToRootCAs(localCertFile string) error {
168
168
}
169
169
170
170
// Trust the augmented cert pool in our client
171
- log .Infof ("Successfuly appended %q to RootCAs" , certFile )
171
+ log .Infof ("Successfully appended %q to RootCAs" , certFile )
172
172
}
173
173
GlobalCARefreshingTransport .TLSClientConfig .RootCAs = rootCAs
174
174
return nil
You can’t perform that action at this time.
0 commit comments