Chapter 3. Bug fixes
In this release of Red Hat Trusted Artifact Signer (RHTAS), we fixed the following bugs. In addition to these fixes, we list the descriptions of previously known issues found in earlier versions that we fixed.
Added missing options to configure hostname
With this release, you can now configure the hostname for the cli-server and the rekor-search-ui. You can configure the hostname by specifying the --cli-server-hostname=HOSTNAME on the RHTAS operator controller. You can also configure the hostname by using the API, for example:
...
rekor:
rekorSearchUI:
host: HOSTNAME
...Replace HOSTNAME with your hostname.
Segment backup job fails on OpenShift clusters that use self-signed certificates
The segment backup job was failing when verifying a self-signed certificate causing Secure Socket Layer (SSL) certificate verification errors. Because this verification failed, the job could not pull metrics from the cluster monitoring system by using OpenShift’s internal API. We fixed this bug by injecting OpenShift’s Certificate Authority (CA) trusted bundle into the RHTAS containers. By doing this, the segment backup job can verify the self-signed certificate, and can successfully pull the necessary metrics.
Version number reported incorrectly on OpenShift 4.13
Before this update, the installation of the RHTAS operator on OpenShift Container Platform 4.13 incorrectly shows version 0.0.2, when version 1.0 is actually installed. With this release, the RHTAS operator version number is correctly displayed on OpenShift Container Platform 4.13.
Removed pull-secret references
In early releases of RHTAS, you were asked to give a pull secret to install RHTAS. Since the General Availability (GA) release of RHTAS, you no longer need a pull secret to deploy RHTAS on Red Hat OpenShift. With this release, we removed all references to pull-secret from the RHTAS code base.
Changes to the treeID field are not applied to the Rekor deployment
When making a change to the treeID field in the Rekor configuration this change was not updated in the Rekor deployment. This bug could cause wrong log entries, and cause other potential issues with Rekor. We fixed the logic in the Rekor manager to prevent inconsistencies, and as a result improving the reliability of the Rekor service. With this release, updating the treeID field correctly updates the Rekor deployment as expected, and shows the correct status.treeID value.
Changes to the treeID field are not applied to the CT log deployment
When making a change to the treeID field in the Certificate Transparency (CT) log configuration this change was not updated in the CT log deployment. This bug could cause inconsistencies, and other potential issues with CT log. We fixed the logic in the CT log manager to prevent inconsistencies, and as a result improving the reliability of the CT log service. With this release, updating the treeID field correctly updates the CT log deployment as expected, and shows the correct status.treeID value.
