OpenShift Bugs: OCPBUGS-31319

[External OIDC] console pods crashing when issuerCertificateAuthority is set because the CA configmap is not propagated to the openshift-config namespace


    • Bug
    • Resolution: Unresolved
    • Critical
    • 4.16.0
    • 4.15.z, 4.16.0
    • HyperShift
    • No
    • Hypershift Sprint 251
    • 1
    • Proposed
    • False



      $ oc logs --previous --timestamps -n openshift-console console-64df9b5bcb-8h8xk
      2024-03-22T11:17:07.824396015Z I0322 11:17:07.824332       1 main.go:210] The following console plugins are enabled:
      2024-03-22T11:17:07.824574844Z I0322 11:17:07.824558       1 main.go:212]  - monitoring-plugin
      2024-03-22T11:17:07.824613918Z W0322 11:17:07.824603       1 authoptions.go:99] Flag inactivity-timeout is set to less then 300 seconds and will be ignored!
      2024-03-22T11:22:07.828873678Z I0322 11:22:07.828819       1 main.go:634] Binding to [::]:8443...
      2024-03-22T11:22:07.828982852Z I0322 11:22:07.828967       1 main.go:636] using TLS
      2024-03-22T11:22:07.833771847Z E0322 11:22:07.833726       1 asynccache.go:62] failed a caching attempt: Get "https://keycloak-keycloak.apps.xxxx/realms/master/.well-known/openid-configuration": tls: failed to verify certificate: x509: certificate signed by unknown authority
      2024-03-22T11:22:10.831644728Z I0322 11:22:10.831598       1 metrics.go:128] serverconfig.Metrics: Update ConsolePlugin metrics...
      2024-03-22T11:22:10.848238183Z I0322 11:22:10.848187       1 metrics.go:138] serverconfig.Metrics: Update ConsolePlugin metrics: &map[monitoring:map[enabled:1]] (took 16.490288ms)
      2024-03-22T11:22:12.829744769Z I0322 11:22:12.829697       1 metrics.go:80] usage.Metrics: Count console users...
      2024-03-22T11:22:13.236378460Z I0322 11:22:13.236318       1 metrics.go:156] usage.Metrics: Update console users metrics: 0 kubeadmin, 0 cluster-admins, 0 developers, 0 unknown/errors (took 406.580502ms)

      The cause is that the HCCO is not copying the issuerCertificateAuthority configmap into the openshift-config namespace of the HC.

            sjenning Seth Jennings
            sjenning Seth Jennings
            Yanping Zhang