Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.14.z
Affects Version/s: 4.13
Component/s: Management Console
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
The console backend was proxying operand list requests to the public API server endpoint, which caused CA cert issues under some circumstances. The proxy configuration was updated to point to the internal API server endpoint which fixed this issue.
__________________
* Previously, the console backend proxy server was sending operand list requests to the public API server endpoint. This caused Certificate Authority (CA) issues under some circumstances. With this release, the proxy configuration was updated to point to the internal API server endpoint which fixed this issue. (link:https://issues.redhat.com/browse/OCPBUGS-31595[*~~OCPBUGS-31595~~*])

Show
The console backend was proxying operand list requests to the public API server endpoint, which caused CA cert issues under some circumstances. The proxy configuration was updated to point to the internal API server endpoint which fixed this issue. __________________ * Previously, the console backend proxy server was sending operand list requests to the public API server endpoint. This caused Certificate Authority (CA) issues under some circumstances. With this release, the proxy configuration was updated to point to the internal API server endpoint which fixed this issue. (link: https://issues.redhat.com/browse/OCPBUGS-31595 [* OCPBUGS-31595 *])
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Customer Impact:

Customer Escalated
Target Version:

4.13.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:
PX Priority Data:
PX Review Complete:

Description of problem:

The customer has a custom apiserver certificate.

This error can be found while trying to uninstall any operator by console:

openshift-console/pods/console-56494b7977-d7r76/console/console/logs/current.log:

2023-10-24T14:13:21.797447921+07:00 E1024 07:13:21.797400 1 operands_handler.go:67] Failed to get new client for listing operands: Get "https://api.<cluster>.<domain>:6443/api?timeout=32s": x509: certificate signed by unknown authority

when trying the same request from the console pod we can see no issue.

We see the root ca that signs apiserver certificate and this CA is trusted in the pod.

It seems the code that provokes this issue is:

https://github.com/openshift/console/blob/master/pkg/server/operands_handler.go#L62-L70

clones

OCPBUGS-29783 [release-4.14] certificate signed by unknown authority while uninstalling operators from console.

Closed

depends on

OCPBUGS-29783 [release-4.14] certificate signed by unknown authority while uninstalling operators from console.

Closed

links to

openshift/console#13714: [release-4.13] OCPBUGS-31595: Fix operands list endpoint.

RHBA-2024:2047 OpenShift Container Platform 4.13.z bug fix update

Assignee:: Jakub Hadvig

Reporter:: German Parente

QA Contact:: YaDan Pei

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/04/01 8:00 PM

Updated:: 2024/05/02 4:37 PM

Resolved:: 2024/05/02 4:37 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates