  1. OpenShift Logging
  2. LOG-2661

Kibana reencrypt route is setting caCertificate unnecessarily


    • Before this update, the Kibana route was setting a `caCertificate` value without a certificate present. With this update, no `caCertificate` value is set.
    • Log Storage - Sprint 221, Log Storage - Sprint 222, Log Storage - Sprint 223, Log Storage - Sprint 224

      Currently Kibana is setting caCertificate without a cert/key, which seems unnecessary.

      https://github.com/openshift/elasticsearch-operator/blob/master/internal/kibana/route.go#L60

      https://github.com/openshift/elasticsearch-operator/blob/master/internal/manifests/route/build.go#L49

       

      This is causing an issue with the VMware NSX-T SDN, as it's trying to create a PEM for their ingress with the CA + empty cert.

       

      2022-05-25T19:24:29.866Z server NSX 6470 - [nsx@6876 audit="true" comp="nsx-manager" entId="lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv" level="INFO" reqId="90f3b8af-d28c-435e-871e-65d4946a2819" subcomp="policy" update="true" username="openshift"] UserName="openshift", ModuleName="PolicyCertificate", Operation="AddTlsCertificate", Operation status="success", New value=["lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv" {"pem_encoded":"None\n-----BEGIN CERTIFICATE-----\zybDTaKMvzvIluxvuOdDCjhnCnSKbHd87r\nLnemk5Jnf3SOm3dU/UVlt93BKDSICkCuxN6U12Rpzp7k5BTVHPHaqhgoYLeFmlD2\nIhvSKDVRPUqXitvtatKlQ4icBYseG/QPYDPsNXl4k2FqG5L50YHcJq1JjF2iPbmV\nW53V4kXQJ535pQs0U0KA3dcMjEmfPstYIyw2YU2D1/+WDzCT2t/PSVOaqcrEwu2/\npU2nDKkeqYIqfl7QDMoXy6h5cDfPzpL0c0ILylGsyHDhvkTnHpl+JsSE7g==\n-----END CERTIFICATE-----\n","resource_type":"TlsCertificate","id":"lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv","display_name":"lb-7a53a319-8827-42b1-87c2-eeafdb79d5d6","tags":[{"scope":"ncp/version","tag":"1.2.0"},{"scope":"ncp/cluster","tag":"OCP4KLAB2"},{"scope":"ncp/project","tag":"openshift-logging"},{"scope":"external_id","tag":"7a53a319-8827-42b1-87c2-eeafdb79d5d6"},{"scope":"ncp/l7_resource_uuid","tag":"7a53a319-8827-42b1-87c2-eeafdb79d5d6"}],"marked_for_delete":false,"overridden":false,"_protection":"UNKNOWN","_revision":-1}]
      
      
      2022-05-25T19:24:29.924Z app-02.dmz NSX 9 - [nsx@6876 comp="nsx-container-ncp" subcomp="ncp" level="WARNING"] vmware_nsxlib.v3.client The HTTP request returned error code 400, whereas 201/200 response codes wereexpected. Response body {'httpStatus': 'BAD_REQUEST', 'error_code': 502001, 'module_name': 'Policy', 'error_message': 'Errors validating path=[[/infra/lb-virtual-servers/OCP4KLAB2_https_terminated]].', 'related_errors': [{'httpStatus': 'BAD_REQUEST', 'error_code': 502054, 'module_name': 'Policy', 'error_message': 'Service certificate ID /infra/certificates/lb_7a53a319-8827-42b1-87c2-eeafdb79d5d6_bmypv is invalid.'}]}
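
      An added example, not code from the elasticsearch-operator or from this issue: a Go lint for the TLS block shape described above (a `caCertificate` with no certificate/key), plus a normalizer that leaves no `caCertificate` set in that case. `RouteTLS`, `LintRouteTLS`, `DropOrphanCA` and the sample PEM are assumptions made for illustration.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"strings"
)

// RouteTLS is a local stand-in for a Route's spec.tls block (not the openshift/api type).
type RouteTLS struct{ Termination, Certificate, Key, CACertificate string }

// hasPEM reports whether s holds a PEM block whose type ends in suffix.
func hasPEM(s, suffix string) bool {
	for b, rest := pem.Decode([]byte(s)); b != nil; b, rest = pem.Decode(rest) {
		if strings.HasSuffix(b.Type, suffix) {
			return true
		}
	}
	return false
}

// LintRouteTLS flags the shape reported in this issue and one close relative.
func LintRouteTLS(t RouteTLS) []string {
	var out []string
	cert, key := hasPEM(t.Certificate, "CERTIFICATE"), hasPEM(t.Key, "PRIVATE KEY")
	if t.CACertificate != "" && !cert && !key {
		out = append(out, "caCertificate set without certificate/key")
	}
	if cert != key {
		out = append(out, "certificate and key must be set together")
	}
	return out
}

// DropOrphanCA clears caCertificate when no certificate/key accompanies it.
func DropOrphanCA(t RouteTLS) RouteTLS {
	if !hasPEM(t.Certificate, "CERTIFICATE") && !hasPEM(t.Key, "PRIVATE KEY") {
		t.CACertificate = ""
	}
	return t
}

// Constructed sample PEM; the body is placeholder base64, not a real certificate.
const sampleCA = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"

func main() {
	t := RouteTLS{Termination: "reencrypt", CACertificate: sampleCA}
	fmt.Println(LintRouteTLS(t), LintRouteTLS(DropOrphanCA(t)))
}
```
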
      

              rh-ee-mbouqsim Mohamed-Amine Bouqsimi (Inactive)
              rhn-support-mrobson Matt Robson
              Anping Li Anping Li