A registry CA is not added/renewed into nodes when adding it as additionalTrustedCA to the image configuration in OpenShift 4
Issue
- After adding a CA via the
additionalTrustedCA
in theimage.config
resource to solve the issue described in Failed to pull image with x509: certificate signed by unknown authority error when using mirrored registries in OpenShift 4, the CA is not added to the OpenShift 4 nodes. - Trying to configure additional trust stores for image registry access, the CA is not added to the OpenShift 4 nodes.
- The
cluster-image-registry-operator
is failing withImagePullBackOff
andx509: certificate signed by unknown authority
message.
Environment
- Red Hat OpenShift Container Platform (RHOCP)
- 4
- Additional registries
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.