Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-31482

[External OIDC] console pods stuck in ContainerCreating status when issuerCertificateAuthority is set due to the CA configmap is not propagated to openshift-console namespace


    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 4.16.0
    • 4.15.z, 4.16.0
    • Management Console
    • None
    • Critical
    • No
    • False
    • Hide


    • Release Note Not Required
    • In Progress

      Description of problem:

      In the tested HCP external OIDC env, when issuerCertificateAuthority is set, console pods are stuck in ContainerCreating status. The reason is the CA configmap is not propagated to openshift-console namespace by the console operator.

      Version-Release number of selected component (if applicable):

      Latest 4.16 and 4.15 nightly payloads

      How reproducible:


      Steps to Reproduce:

      1. Configure HCP external OIDC env with issuerCertificateAuthority set.
      2. Check oc get pods -A

      Actual results:

      2. Before OCPBUGS-31319 is fixed, console pods are in CrashLoopBackOff status. After OCPBUGS-31319 is fixed or manually coping the CA configmap to openshift-config namespace as workaround, console pods are stuck in ContainerCreating status until the CA configmap is manually copied to openshift-console namespace too. Console login is affected.

      Expected results:

      2. Console operator should be responsible to copy the CA to openshift-console namespace. And console login should succeed.

      Additional info:

      In https://redhat-internal.slack.com/archives/C060D1W96LB/p1711548626625499 , HyperShift Dev side Seth requested to create this separate console bug to unblock the PR merge and backport for OCPBUGS-31319 . So creating it

            slaznick@redhat.com Stanislav Láznička
            xxia-1 Xingxing Xia
            Yanping Zhang Yanping Zhang
            0 Vote for this issue
            9 Start watching this issue