Uploaded image for project: 'Managed Service - API'
  1. Managed Service - API
  2. MGDAPI-5490

RHOAMIsInReconcilingErrorState after cluster upgrade

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 1.33.0
    • None
    • False
    • None
    • False
    • No

      WHAT:

      RHOAM operator is stuck in reconciling mode after OpenShift version upgrade. 
      Noticed the following statuses for RHOAM components 

      {"addon":"rhoam","version":"1.33.0","toVersion":null,"stage":"installation"}
["3scale","completed","2.13.0"]
["cloud-resources","completed","0.44.0"]
["grafana","completed","4.2.0"]
["marin3r","completed","0.11.0"]
["observability","completed","4.1.2"]
["rhsso","in progress","7.6"]
["rhssouser","failed","7.6"]

      When checking the logs for rhssouser operator, noticed it is reporting following certificate
      issues.

      {"level":"info","ts":XXXXXXXXXX.XXXXXXXX,"logger":"action_runner","msg":"https://keycloak.redhat-rhoam-user-sso.svc:8443 is not a valid keycloak url : Get https://keycloak.redhat-rhoam-user-sso.svc:8443: x509: certificate signed by unknown authority (possibly because of \"crypto/rsa: verification error\" while trying to verify candidate authority certificate \"openshift-service-serving-signer@XXXXXXXX\")"}
{"level":"info","ts":XXXXXXXXXX.XXXXXXXX,"logger":"action_runner","msg":"https://keycloak-redhat-rhoam-user-sso.APPLICATION.SUBDOMAIN.XXX is not a valid keycloak url : Get https://keycloak-redhat-rhoam-user-sso.APPLICATION.SUBDOMAIN.XXX: x509: certificate signed by unknown authority"}

      SRE team had manually restart all the keycloak pods to resolve the warning alert.

      DONE:

      • RHOAM RH-SSO instances has to be able to recover it-selves after certificate updates / OCP upgrades

              Unassigned Unassigned
              cabeywar-cssre Chamal Abeywardhana
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: