Question: missing openshift ca bundle?

[frzifus]

In otel multitenant example, we use the default ca bundle.

redhat-rhosdt-samples/opentelemetry/multitenant/otelcol.yaml

Line 124 in 7d6b8a5

ca_file: "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt"

Do we not need the openshift ca`s?

Example

apiVersion: template.openshift.io/v1
kind: Template
objects:
  - apiVersion: v1
    kind: ConfigMap
    metadata:
      namespace: ${NAMESPACE}
      annotations:
        service.beta.openshift.io/inject-cabundle: "true"
      name: otelcol-cabundle
  - apiVersion: opentelemetry.io/v1alpha1
    kind: OpenTelemetryCollector
    spec:
      volumeMounts:
        - mountPath: /etc/pki/ca-trust/source/service-ca
          name: cabundle-volume
      volumes:
        - configMap:
            name: otelcol-cabundle
          name: cabundle-volume
      config: |
...
          otlp:
            endpoint: observatorium-tempostack.${NAMESPACE}.svc.cluster.local:8090
            tls:
              insecure: false
              ca_file: "/etc/pki/ca-trust/source/service-ca/service-ca.crt"
...

cc @iblancasa

[pavolloffay]

@frzifus is the ca bundle from service.beta.openshift.io/inject-cabundle: "true" different to "/var/run/secrets/kubernetes.io/serviceaccount/service-ca.crt" ?

[frzifus]

My understanding is, not on OpenShift 4. But on 3.11 which is still supported. But is that a thing for us?

[pavolloffay]

We do not support OpenShift 3.x. Can you describe the difference (for curiosity) or paste a link to docs?