-
Bug
-
Resolution: Done
-
Normal
-
None
-
4.17.0
-
None
-
Moderate
-
None
-
Rejected
-
False
-
Description of problem:
oc expose cannot get catalogd webserver after use encryption (HTTPS)
Version-Release number of selected component (if applicable):
Server Version: 4.17.0-0.nightly-2024-07-15-034821
How reproducible:
always
Steps to Reproduce:
jitli@RedHat:~/work/src/test/catalogd$ oc get clustercatalog NAME PHASE AGE redhat-operators-jitli Unpacked 58m
contentURL: https://catalogd-catalogserver.openshift-catalogd.svc/catalogs/redhat-operators-jitli/all.json
jitli@RedHat:~/work/src/test/catalogd$ oc get secret catalogserver-cert -n openshift-catalogd NAME TYPE DATA AGE catalogserver-cert kubernetes.io/tls 2 65m
jitli@RedHat:~/work/src/test/catalogd$ oc get cm -n openshift-operator-controller operator-controller-openshift-ca NAME DATA AGE operator-controller-openshift-ca 1 66m
and ca and secret looks good
After I expose the server
jitli@RedHat:~/work/src/test/catalogd$ oc expose service catalogd-catalogserver -n openshift-catalogd route/catalogd-catalogserver exposed
jitli@RedHat:~/work/src/test/catalogd$ oc get route -A NAMESPACE NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD openshift-catalogd catalogd-catalogserver catalogd-catalogserver-openshift-catalogd.apps.jitli0715.qe.devcluster.openshift.com catalogd-catalogserver https None
I curl it with -k and use chrome to open the link
https://catalogd-catalogserver-openshift-catalogd.apps.jitli0715.qe.devcluster.openshift.com/catalogs/redhat-operators-jitli/all.json
Application is not available
The application is currently not serving requests at this endpoint. It may not have been started or is still starting.
[OCPBUGS-37077] oc expose cannot get catalogd webserver after use encryption (HTTPS)
after add termination in the route, works well
tls: termination: reencrypt
The same failure with --target-port='443' --port='443'
jitli@RedHat:~/work/src/test/catalogd/69123$ oc expose service catalogd-catalogserver -n openshift-catalogd --target-port='443' --port='443' route/catalogd-catalogserver exposed jitli@RedHat:~/work/src/test/catalogd/69123$ oc get route -A NAMESPACE NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD openshift-catalogd catalogd-catalogserver catalogd-catalogserver-openshift-catalogd.apps.jitli0715.qe.devcluster.openshift.com catalogd-catalogserver 443 None
Works well with using port-forward or exec pod to curl, but use oc expose doesn't work
I'm not sure if it's an oc expose issue, please help check it thanks rh-ee-bpalmer
jitli@RedHat:~/work/src/test/catalogd/69123$ oc exec catalogd-controller-manager-c5c98658c-s94ml -i -- curl -k https://catalogd-catalogserver.openshift-catalogd.svc/catalogs/redhat-operators-jitli/all.json
{"defaultChannel":"candidate-v2.0","name":"nginx69869","schema":"olm.package"} {"entries":[{"name":"nginx69869.v0.0.1"}],"name":"candidate-v0.0","package":"nginx69869","schema":"olm.channel"} {"entries":[{"name":"nginx69869.v2.0.6"}],"name":"candidate-v2.0","package":"nginx69869","schema":"olm.channel"}
oc -n openshift-catalogd port-forward svc/catalogd-catalogserver 8080:443
https://127.0.0.1:8080/catalogs/redhat-operators-jitli/all.json
curl -k https://127.0.0.1:8080/catalogs/redhat-operators-jitli/all.json
{"defaultChannel":"candidate-v2.0","name":"nginx69869","schema":"olm.package"} {"entries":[{"name":"nginx69869.v0.0.1"}],"name":"candidate-v0.0","package":"nginx69869","schema":"olm.channel"} {"entries":[{"name":"nginx69869.v2.0.6"}],"name":"candidate-v2.0","package":"nginx69869","schema":"olm.channel"}
use port-forward works well
close it, if you have any other contents, please reopen it.