OpenShift Bugs / OCPBUGS-29510

console pods are crashlooping in OIDC authentication configuration


    • Bug
    • Resolution: Done-Errata
    • Critical
    • None
    • 4.15.0
    • Management Console
    • None
    • Critical
    • No
    • HAC Infra OCP - Sprint 251
    • 1
    • Approved
    • False
    • None
    • Previously, console pods would crash loop if the `--user-auth` flag was set to `disabled`. With this update, the console backend properly handles this value. (link:https://issues.redhat.com/browse/OCPBUGS-29510[*OCPBUGS-29510*])
    • Bug Fix
    • Done
    • 2024-03-13 update: would like to escalate it to Blocker as per the https://redhat-internal.slack.com/archives/C060D1W96LB/p1710253510466169?thread_ts=1710143589.807349&cid=C060D1W96LB discussion, please triage. Kindly correct it if it does not deserve this escalation. Thanks

      Description of problem:

          When a cluster is configured for direct OIDC configuration (authentication.config/cluster .spec.type=OIDC), console pods will be in crashloop until an OIDC client is configured for the console.

      Version-Release number of selected component (if applicable):

          4.15.0

      How reproducible:

      100% in Hypershift; 100% in TechPreviewNoUpgrade featureset on standalone OpenShift   

      Steps to Reproduce:

          1. Update authentication.config/cluster so that Type=OIDC
          

      Actual results:

          The console operator tries to create a new console rollout, but the pods crashloop. This is because the operator sets the console pods to "disabled". This would normally mean a privilege escalation; fortunately, the configuration prevents a successful deploy.

      Expected results:

          Console pods are healthy, they show a page which says that no authentication is currently configured.

      Additional info:

          

            rh-ee-jonjacks Jon Jackson
            slaznick@redhat.com Stanislav Láznička
            Yanping Zhang Yanping Zhang
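
A check for the triggering state described in this report, as an added example that is not from the report or the console project: it classifies an `authentication.config/cluster` resource by whether it is in OIDC mode without a console client. The `spec.oidcProviders[].oidcClients[]` field names and the `console`/`openshift-console` component identity are assumptions about the config.openshift.io/v1 API that the page does not state; the sample resources are constructed.

```python
# Added example: field names follow the config.openshift.io/v1 Authentication
# API as assumed here; they are not quoted from the bug report.
CONSOLE = ("console", "openshift-console")  # assumed component name/namespace

def console_oidc_state(auth: dict) -> str:
    """Classify a parsed authentication.config/cluster resource."""
    spec = auth.get("spec") or {}
    if spec.get("type") != "OIDC":
        return "not-oidc"  # integrated OAuth or None: bug not triggered
    for provider in spec.get("oidcProviders") or []:
        for client in provider.get("oidcClients") or []:
            ident = (client.get("componentName"), client.get("componentNamespace"))
            # An entry without a clientID cannot be used by the console.
            if ident == CONSOLE and client.get("clientID"):
                return "console-client-configured"
    return "console-client-missing"  # the state in which 4.15.0 crashlooped

def _auth(spec: dict) -> dict:
    return {"apiVersion": "config.openshift.io/v1", "kind": "Authentication",
            "metadata": {"name": "cluster"}, "spec": spec}

# Constructed sample resources (issuer URL and client IDs are placeholders).
_PROVIDER = {"name": "example-idp",
             "issuer": {"issuerURL": "https://idp.example.com", "audiences": ["example"]}}
SAMPLES = {
    "integrated": _auth({"type": "IntegratedOAuth"}),
    "oidc_no_clients": _auth({"type": "OIDC", "oidcProviders": [_PROVIDER]}),
    "oidc_other_client": _auth({"type": "OIDC", "oidcProviders": [dict(
        _PROVIDER, oidcClients=[{"componentName": "cli",
                                 "componentNamespace": "example-ns",
                                 "clientID": "example-cli"}])]}),
    "oidc_console_client": _auth({"type": "OIDC", "oidcProviders": [dict(
        _PROVIDER, oidcClients=[{"componentName": "console",
                                 "componentNamespace": "openshift-console",
                                 "clientID": "example-console",
                                 "clientSecret": {"name": "example-secret"}}])]}),
}

if __name__ == "__main__":
    for name, resource in SAMPLES.items():
        print(f"{name}: {console_oidc_state(resource)}")
```

To check a live cluster, parse the output of `oc get authentication.config/cluster -o json` with `json.load` and pass the result to `console_oidc_state`.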