-
Bug
-
Resolution: Duplicate
-
Critical
-
None
-
ACM 2.12.3
-
Quality / Stability / Reliability
-
1
-
False
-
-
False
-
-
-
SF Train-28
-
-
-
None
Description of problem:
We are getting the below webhook error while trying to add labels to the managedclusters:
2025-06-03T04:32:21.027613991Z 2025-06-03T04:32:21.027Z ERROR reconcile : error ensuring local-cluster: Internal error occurred: failed calling webhook "managedclustermutators.admission.cluster.open-cluster-management.io": failed to call webhook: Post "https://cluster-manager-registration-webhook.open-cluster-management-hub.svc:9443/mutate-cluster-open-cluster-management-io-v1-managedcluster?timeout=10s": tls: failed to verify certificate: x509: certificate signed by unknown authority {"error": "errors applying components"} 2025-06-03T04:32:21.027613991Z github.com/stolostron/backplane-operator/controllers.(*MultiClusterEngineReconciler).ensureToggleableComponents
We verified that the ca-cert on the managedclustermutators.admission.cluster.open-cluster-management.io is matching the ca-cert on the registration-webhook-serving-cert. (Earlier we found that they did not match so we replaced the cert, but the issue still persists)
The registration-webhook pods are also showing this error:
2025-06-03T01:51:59.299290983Z I0603 01:51:59.299235 1 log.go:245] http: TLS handshake error from 172.20.4.2:35532: remote error: tls: bad certificate
Version-Release number of selected component (if applicable): 2.12
Additional info:
- duplicates
-
-
- Closed
-
