Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44473

Hosted cluster config operator cannot reconcile image configuration (in rosa)

XMLWordPrintable

    • Critical
    • None
    • Approved
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      When Ingress configuration is specified for a HostedCluster in .spec.configuration.ingress, the configuration fails to make it into the HostedCluster because VAP {{ingress-config-validation.managed.openshift.io}} prevents it.
          

      Version-Release number of selected component (if applicable):

      4.18 Hosted ROSA
          

      How reproducible:

      Always
          

      Steps to Reproduce:

          1. Create a hosted cluster in ROSA with 
      spec:
        configuration:
           ingress:
             domain: ""
             loadBalancer:
               platform:
                 aws:
                   type: NLB
                 type: AWS
          2. Wait for the cluster to come up
          3.
          

      Actual results:

          Cluster never finishes applying the payload (reaches Complete) because the console operator fails to reconcile its route.
          

      Expected results:

          Cluster finishes applying the payload and reaches Complete
          

      Additional info:

      The following error is reported in the hcco log:
      
      {"level":"error","ts":"2024-11-12T17:33:09Z","msg":"Reconciler error","controller":"resources","object":{"name":""},"namespace":"","name":"","reconcileID":"f4216970-af97-4093-ae72-b7dbe452b767","error":"failed to reconcile global configuration: failed to reconcile ingress config: admission webhook \"ingress-config-validation.managed.openshift.io\" denied the request: Only privileged service accounts may access","errorCauses":[{"error":"failed to reconcile global configuration: failed to reconcile ingress config: admission webhook \"ingress-config-validation.managed.openshift.io\" denied the request: Only privileged service accounts may access"}],"stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:222"}
      
      
          

              cewong@redhat.com Cesar Wong
              cewong@redhat.com Cesar Wong
              He Liu He Liu
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: