Merge pull request #58314 from xenolinux/separate-label

abhatt-rh · web-flow · commit 7975ca17fcd4 · 2023-04-24T16:31:09.000+01:00
OCPBUGS#9166: Use a separate config map to contain the`service-ca.crt`
diff --git a/modules/certificate-injection-using-operators.adoc b/modules/certificate-injection-using-operators.adoc
@@ -10,6 +10,12 @@ Cluster Network Operator merges the user-provided and system CA certificates
 into a single bundle and injects the merged bundle into the Operator requesting
 the trust bundle injection.
 
+[IMPORTANT]
+====
+After adding a `config.openshift.io/inject-trusted-cabundle="true"` label to the config map, existing data in it is deleted. The Cluster Network Operator takes ownership of a config map and only accepts `ca-bundle` as data.
+You must use a separate config map to store `service-ca.crt` by using the `service.beta.openshift.io/inject-cabundle=true` annotation or a similar configuration. Adding a `config.openshift.io/inject-trusted-cabundle="true"` label and `service.beta.openshift.io/inject-cabundle=true` annotation on the same config map can cause issues.
+====
+
 Operators request this injection by creating an empty ConfigMap with the
 following label:
 
