Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-29540

OAuth issues on HCP cluster

XMLWordPrintable

    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • No
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      HCP cluster backplanep05ue1 is running into OAuth issues and is unable to sync OAuth resources like IDP from OCM to the cluster, causing authentication issues like logging into the cluster.

      Version-Release number of selected component (if applicable):

      4.14.8

      How reproducible:

      Issue seems to be limited to backplanep05ue1

      Steps to Reproduce:

          1. 
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

      backplanep05ue1 is a new backplane shard in the production environment and was rolled out by app-sre via app-interface. SRE attempted to debug the cluster in OHSS-31684 but we have been unable to find the root cause.

A potential lead is an issue with the external dns operator running on the corresponding management cluster as there are error with the vpc endpoint of backplanep05ue1 
      $ oc-dtlogs external-dns-789fb6986d-v8jdv -n hypershift | grep vpce-svc-0db8f91759820b358

time="2024-02-15T11:04:28Z" level=warning msg="Could not find canonical hosted zone for domain vpce-019c21dc25060762a-whpxtgvv.vpce-svc-0db8f91759820b358.us-east-1.vpce.amazonaws.com. This may be because your region is not supported yet."
(repeated)

              jparrill@redhat.com Juan Manuel Parrilla Madrid
              samnguyen Sam Nguyen
              Sam Nguyen
              None
              Jie Zhao Jie Zhao
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: