Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.17.z
Affects Version/s: 4.15.0
Component/s: Management Console
Labels:
None

Work Type:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Critical
Regression:
No
Epic Link:
provided-clientid
Latest Status Summary:

Hide
2024-03-13 update: would like to be escalating it to Blocker as per https://redhat-internal.slack.com/archives/C060D1W96LB/p1710253510466169?thread_ts=1710143589.807349&cid=C060D1W96LB discussion, pls triage. Kindly correct it if it does not deserve this escalation. Thanks

Show
2024-03-13 update: would like to be escalating it to Blocker as per https://redhat-internal.slack.com/archives/C060D1W96LB/p1710253510466169?thread_ts=1710143589.807349&cid=C060D1W96LB discussion, pls triage. Kindly correct it if it does not deserve this escalation. Thanks

Target Backport Versions:
None
Target Version:

4.17.0
Release Blocker:
Approved
Sprint:
HAC Infra OCP - Sprint 251
sprint_count:
1

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
Done
Release Note Type:
Bug Fix
Release Note Text:

Hide
* Previously, console pods would crash loop if the `--user-auth` flag was set to `disabled`. With this update, the console backend properly handles this value. (link:https://issues.redhat.com/browse/OCPBUGS-29510[*~~OCPBUGS-29510~~*])

Show
* Previously, console pods would crash loop if the `--user-auth` flag was set to `disabled`. With this update, the console backend properly handles this value. (link: https://issues.redhat.com/browse/OCPBUGS-29510 [* OCPBUGS-29510 *])

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    When a cluster is configured for direct OIDC configuration (authentication.config/cluster .spec.type=OIDC), console pods will be in crashloop until an OIDC client is configured for the console.

Version-Release number of selected component (if applicable):

    4.15.0

How reproducible:

100% in Hypershift; 100% in TechPreviewNoUpgrade featureset on standalone OpenShift

Steps to Reproduce:

    1. Update authentication.config/cluster so that Type=OIDC

Actual results:

    The console operator tries to create a new console rollout, but the pods crashloop. This is because the operator sets the console pods to "disabled". This would normally actually mean a privilege escalation, fortunately the configuration prevents a successful deploy.

Expected results:

    Console pods are healthy, they show a page which says that no authentication is currently configured.

Additional info:

blocks

OCPBUGS-34002 console pods are crashlooping in OIDC authentication configuration

Closed

is cloned by

OCPBUGS-34002 console pods are crashlooping in OIDC authentication configuration

Closed

links to

openshift/console#13713: OCPBUGS-29510: Fix console crash-loop with OIDC auth config

RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update

Slack Discussion - 5 Feb 2024

Slack discussion - 18 Mar 2024

(1 links to)

Assignee:: Jon Jackson

Reporter:: Stanislav Láznička (Inactive)

Need Info From:: None

Contributors:: None

QA Contact:: Yanping Zhang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 11 Start watching this issue

Created:: 2024/02/15 8:37 AM

Updated:: 2025/05/01 10:54 PM

Resolved:: 2024/10/01 5:30 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates