I’m using fedora-coreos-34.20210529.3.0-vmware.x86_64.ova and a fcos/1.3.0 butane specification file with ignition.security.tls… settings for inline certificates of my internal CA-certificate.
butane is fine with this configuration and fcos is installed. But there are no certificates added to the system and podman is unable to pull a image from my internal registry service signed by my internal CA.
Is there a gap between the butane specification and the implemented features in CoreOS? Where can i find the logs for the “service applying the ignition file” on the fcos installation?
Is there an other method to add custum certificates to the fcos truststore?
All of the settings under ignition only affect the running of Ignition itself. If you want your CA to be applied to the installed system, you can additionally write the cert directly to the filesystem using storage.files.
You can retrieve Ignition logs with journalctl -t ignition.