Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-13168

Invalid CA certificate bundle provided by service account token

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Blocker
    • 4.14.0
    • 4.13.z, 4.12.z, 4.14.0
    • HyperShift
    • No
    • Hypershift Sprint 236, Hypershift Sprint 237
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None

    Description

      Description of problem:

      oc login --token=$token
--server=https://api.dalh-dev-hs-2.05zb.p3.openshiftapps.com:443 --certificate-authority=ca.crt
The server uses a certificate signed by an unknown authority.
You can bypass the certificate check, but any data you send to the server could be intercepted by others.

      The referenced "ca.crt" comes from the Secret created when a Service Account is created.

      Version-Release number of selected component (if applicable): 4.12.12

      How reproducible: Always

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-14030 Invalid CA certificate bundle provided by service account token

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-14030 Invalid CA certificate bundle provided by service account token

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-14031 Invalid CA certificate bundle provided by service account token

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed
          links to

          GitHub openshift/hypershift#2584: OCPBUGS-13168: Include default ingress CA in root CA bundle

          mentioned on

          GitLab Merge request - Bump IBM integration to our latest prod image.

          Activity

            People

              cewong@redhat.com Cesar Wong
              wgordon.openshift Will Gordon
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated: