certificates are not present in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Environment
- Red Hat OpenShift Container Platform (OCP) 4.6.1-3
Issue
Images are built with buildconfigs and the Dockerfile contains the following:
ADD cert.pem /etc/pki/ca-trust/source/anchors
RUN update-ca-trust extracted
--> be9c0908273
STEP 6: ADD cert.pem /etc/pki/ca-trust/source/anchors
--> 905b49a49d5
STEP 7: RUN update-ca-trust extracted
--> 7ac51ca55b5
The problem is, that the certificates are not present in /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem anymore.
Resolution
There is a bug in version 4.6.1, 4.6.2 and 4.6.3 that is solved in version 4.6.z so the solution is to upgrade the cluster.
This was revised in the following Bugzilla 1895093 and there is one more related Bugzilla 1891759
Diagnostic Steps
After building the image and starting a terminal, we can see that the certificates are not present on the route:
ls -la /etc/pki/ca-trust/extracted/pem/
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments