Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-3511

[release-5.5] TLS errors on Loki controller pod due to bad certificate

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      Before this update, the Loki Operator Webhook server caused TLS errors under the following condition namly the kube-apiserver-opertor cheking the webhook validity. With this update, the Loki Operator Webhook PKI is managed by the Operator Lifecycle Manager's dynamic webhook management resolves the issue and the kube-apiserver-operator can perform webhook checks without errors.
      Show
      Before this update, the Loki Operator Webhook server caused TLS errors under the following condition namly the kube-apiserver-opertor cheking the webhook validity. With this update, the Loki Operator Webhook PKI is managed by the Operator Lifecycle Manager's dynamic webhook management resolves the issue and the kube-apiserver-operator can perform webhook checks without errors.
    • Log Storage - Sprint 230, Log Storage - Sprint 231

    Description

      Description of problem:
      TLS handshake error on controller pod with bad certificate error

      2022-12-15 00:46:33.534220 I | http: TLS handshake error from 10.129.0.2:44864: remote error: tls: bad certificate63962022-12-15 00:46:34.289701 I | http: TLS handshake error from 10.130.0.2:44292: remote error: tls: bad certificate63972022-12-15 00:46:34.340468 I | http: TLS handshake error from 10.128.0.34:48842: remote error: tls: bad certificate

      LokiStack CR: http://pastebin.test.redhat.com/1085306

      Controller logs: http://pastebin.test.redhat.com/1085305

      CSV: loki-operator.v5.6.0, loki-operator.5.5.6  

      Steps to Reproduce:
      1) Deploy LokiOperator.

      2) Create secret and provision LokiStack CR

      3) Check controller logs.

      Actual results: LokiStack will provision without errors under controller pod.

      Expected results: TLS handshake error on controller pods. Loki components are running.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. LOG-3431 TLS errors on Loki controller pod due to bad certificate

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/loki#101: [release-5.5] Remove custom webhook cert mounts for OLM-based deployment (#8173)

          mentioned on

          GitLab Merge request - Updated 2 upstream sources

          Activity

            People

              ptsiraki@redhat.com Periklis Tsirakidis
              rhn-support-kbharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: