-
Bug
-
Resolution: Done-Errata
-
Major
-
4.13
-
None
-
No
-
HAC Infra OCP - Sprint 251
-
1
-
False
-
-
The console backend was proxying operand list requests to the public API server endpoint, which caused CA cert issues under some circumstances. The proxy configuration was updated to point to the internal API server endpoint which fixed this issue.
-
Bug Fix
-
In Progress
-
Customer Escalated
Description of problem:
The customer has a custom apiserver certificate.
This error can be found while trying to uninstall any operator by console:
openshift-console/pods/console-56494b7977-d7r76/console/console/logs/current.log:
2023-10-24T14:13:21.797447921+07:00 E1024 07:13:21.797400 1 operands_handler.go:67] Failed to get new client for listing operands: Get "https://api.<cluster>.<domain>:6443/api?timeout=32s": x509: certificate signed by unknown authority
when trying the same request from the console pod we can see no issue.
We see the root ca that signs apiserver certificate and this CA is trusted in the pod.
It seems the code that provokes this issue is:
https://github.com/openshift/console/blob/master/pkg/server/operands_handler.go#L62-L70
- clones
-
OCPBUGS-29781 [release-4.15] certificate signed by unknown authority while uninstalling operators from console.
- Closed
- depends on
-
OCPBUGS-29781 [release-4.15] certificate signed by unknown authority while uninstalling operators from console.
- Closed
- is cloned by
-
OCPBUGS-31595 [release-4.13] certificate signed by unknown authority while uninstalling operators from console.
- Closed
- is depended on by
-
OCPBUGS-31595 [release-4.13] certificate signed by unknown authority while uninstalling operators from console.
- Closed
- links to
-
RHBA-2024:1765 OpenShift Container Platform 4.14.z bug fix update