-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
premerge
-
Critical
-
None
-
Proposed
-
False
-
Description of problem:
This is a bug found during pre-merge test of 4.18 epic AUTH-528 PRs https://github.com/openshift/cluster-authentication-operator/pull/740 and filed for better tracking per existing "OpenShift - Testing Before PR Merges - Left-Shift Testing" google doc workflow.
co/authentication's "Available" becomes False after OCP BYO external oidc is configured.
Version-Release number of selected component (if applicable):
Cluster-bot build which is built at 2024-11-25 09:39 CST (UTC+800) build 4.18,openshift/cluster-authentication-operator#713,openshift/cluster-authentication-operator#740,openshift/cluster-kube-apiserver-operator#1760,openshift/console-operator#940
How reproducible:
Always
Steps to Reproduce:
1. Launch a TechPreviewNoUpgrade standalone OCP cluster with above build. Configure htpasswd IDP. Test users can login successfully. 2. Configure BYO external OIDC in this OCP cluster using Microsoft Entra ID. KAS and console pods can roll out successfully. oc login and console login to Microsoft Entra ID can succeed. 3. Check stuff: $ oc get co NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE authentication 4.18.0-0.test-2024-11-25-020414-ci-ln-71cvsj2-latest False False False 20m APIServerDeploymentAvailable: no apiserver.openshift-oauth-apiserver pods available on any node.... ...
Actual results:
co/authentication's "Available" becomes False.
Expected results:
co/authentication's status is good.
Additional info:
- blocks
-
AUTH-543 Authentication operator configuration per auth type
-
- Code Review
-
- links to