-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.15.0
-
Moderate
-
No
-
False
-
As this shows tls: bad certificate from kube-apiserver operator, for example, https://reportportal-openshift.apps.ocp-c1.prod.psi.redhat.com/ui/#prow/launches/all/470214, checked its must-gather: https://gcsweb-qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-aws-ipi-imdsv2-fips-f14/1726036030588456960/artifacts/aws-ipi-imdsv2-fips-f14/gather-must-gather/artifacts/
MacBook-Pro:~ jianzhang$ omg logs prometheus-operator-admission-webhook-6bbdbc47df-jd5mb | grep "TLS handshake" 2023-11-27 10:11:50.687 | WARNING | omg.utils.load_yaml:<module>:10 - yaml.CSafeLoader failed to load, using SafeLoader 2023-11-19T00:57:08.318983249Z ts=2023-11-19T00:57:08.318923708Z caller=stdlib.go:105 caller=server.go:3215 msg="http: TLS handshake error from 10.129.0.35:48334: remote error: tls: bad certificate" 2023-11-19T00:57:10.336569986Z ts=2023-11-19T00:57:10.336505695Z caller=stdlib.go:105 caller=server.go:3215 msg="http: TLS handshake error from 10.129.0.35:48342: remote error: tls: bad certificate" ... MacBook-Pro:~ jianzhang$ omg get pods -A -o wide | grep "10.129.0.35" 2023-11-27 10:12:16.382 | WARNING | omg.utils.load_yaml:<module>:10 - yaml.CSafeLoader failed to load, using SafeLoader openshift-kube-apiserver-operator kube-apiserver-operator-f78c754f9-rbhw9 1/1 Running 2 5h27m 10.129.0.35 ip-10-0-107-238.ec2.internal
for more information slack - https://redhat-internal.slack.com/archives/CC3CZCQHM/p1700473278471309
- blocks
-
OCPBUGS-29722 tls: bad certificate from kube-apiserver-operator
- Closed
- clones
-
OCPBUGS-24005 tls: bad certificate from kube-apiserver-operator
- Closed
- is blocked by
-
OCPBUGS-24005 tls: bad certificate from kube-apiserver-operator
- Closed
- is cloned by
-
OCPBUGS-29775 [release-4.15] tls: bad certificate from kube-apiserver-operator
- Closed
- links to
-
RHSA-2023:7198 OpenShift Container Platform 4.15 security update