Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.19.0
Component/s: HyperShift
Labels:
- triaged

Regression:
None
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, when you created a cluster with secure proxy enabled and the certificate configuration is set to `configuration.proxy.trustCA`, the cluster installation failed. Additionally, the OpenShift OAuth API server could not use the management cluster proxy to reach cloud APIs. With this release, fixes are in place to prevent these issues. (link:https://issues.redhat.com/browse/OCPBUGS-51050[*~~OCPBUGS-51050~~*])

Show
* Previously, when you created a cluster with secure proxy enabled and the certificate configuration is set to `configuration.proxy.trustCA`, the cluster installation failed. Additionally, the OpenShift OAuth API server could not use the management cluster proxy to reach cloud APIs. With this release, fixes are in place to prevent these issues. (link: https://issues.redhat.com/browse/OCPBUGS-51050 [* OCPBUGS-51050 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.18.z
Target Backport Versions:

4.14.z, 4.15.z, 4.17.z, 4.16.z, 4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Description of problem:

When the cluster is created with a secure proxy enabled, and certificate is set in configuration.proxy.trustCA, the cluster fails to complete provisioning.
4.19.0-0.nightly-2024-12-10-040415

Version-Release number of selected component (if applicable):

How reproducible:

    always

Steps to Reproduce:

    1. Create a cluster with a secure proxy, certificate is set in .spec.configuration.proxy.trustCA.
    3.

Actual results:

    cluster does not complete provisioning

Expected results:

    cluster completes

Additional info:

    root cause is that certificate in additionalTrustBunlde isn't propagated into ingress proxy. 
slack:
https://redhat-internal.slack.com/archives/G01QS0P2F6W/p1734047816669079?thread_ts=1734023627.636019&cid=G01QS0P2F6W

clones

OCPBUGS-48619 Cluster fails to complete provisioning when using proxy with custom trust bundle

Verified

depends on

OCPBUGS-48619 Cluster fails to complete provisioning when using proxy with custom trust bundle

Verified

is cloned by

OCPBUGS-51098 Cluster fails to complete provisioning when using proxy with custom trust bundle

Closed

is depended on by

OCPBUGS-51098 Cluster fails to complete provisioning when using proxy with custom trust bundle

Closed

links to

[KB Solution 7111924]

openshift/hypershift#5525: OCPBUGS-48619: Add HostedCluster additional trustbundles to konnectivity-https-proxy

openshift/hypershift#5667: OCPBUGS-51050: Add HostedCluster additional trustbundles to konnectivity-https-proxy

RHBA-2025:1904 OpenShift Container Platform 4.18.z bug fix update

RHEA-2024:11038 OpenShift Container Platform 4.19.z bug fix update

(4 links to)

Assignee:: Alberto Garcia Lamela

Reporter:: Jie Zhao

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/02/19 2:14 PM

Updated:: 2025/03/19 4:17 PM

Resolved:: 2025/03/04 5:11 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates