Details
-
Bug
-
Resolution: Won't Do
-
Minor
-
None
-
4.12.z
-
No
-
1
-
Sprint 248
-
1
-
Rejected
-
False
-
Description
Description of problem:
My customer was replacing their custom ingress certificates and during the process the ingress operator managed to mangle the updated certificates in $ oc get secret v4-0-config-system-router-certs -o yaml: -----BEGIN EXAMPLE CERTIFICATE----- XXXXXXXXXX XXXXXXXXXX -----END EXAMPLE CERTIFICATE----- -----BEGIN EXAMPLE CERTIFICATE----- XXXXXXXXXX XXXXXXXXXX -----END EXAMPLE CERTIFICATE----- -----BEGIN EXAMPLE CERTIFICATE----- XXXXXXXXXX XXXXXXXXXX -----END EXAMPLE CERTIFICATE----------BEGIN EXAMPLE PRIVATE KEY----- <- This is wrong! XXXXXXXXXX XXXXXXXXXX -----END EXAMPLE PRIVATE KEY----- This caused the auth pods to fail and for the logs to error: E0718 13:20:01.600365 1 dynamic_serving_content.go:218] key failed with : tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE] E0718 13:20:01.620678 1 dynamic_serving_content.go:218] key failed with : tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE] E0718 13:20:01.661048 1 dynamic_serving_content.go:218] key failed with : tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE] E0718 13:20:01.741461 1 dynamic_serving_content.go:218] key failed with : tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE] E0718 13:20:01.902164 1 dynamic_serving_content.go:218] key failed with : tls: failed to find PEM block with type ending in "PRIVATE KEY" in key input after skipping PEM blocks of the following types: [CERTIFICATE CERTIFICATE]
Version-Release number of selected component (if applicable):
OCP 4.12.z
How reproducible:
Currently unknown
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info:
The workaround was to insert the CR that was missing.