After upgrading OpenShift from 4.16.40 (and also verified on 4.16.45) to 4.16.46 or 4.16.47, OAuth logins via the console fail intermittently when multiple master nodes are running. The login page reloads multiple times before eventually succeeding. This issue is only seen in the console (with LDAP provider) and does not occur with CLI logins. The problem disappears when traffic is routed to a single master node. Clusters freshly installed at version 4.16.46 also show the same behavior, while versions up to 4.16.45 are unaffected.

Affected: 4.16.46, 4.16.47
Not affected: 4.16.40, 4.16.45    

Only reproducible for customer environments.


Customer currently facing this issue on 3 different clusters, upgraded at different times.


Not reproducible in our internal environments.

 Upgrade or install OpenShift cluster at version 4.16.46 or 4.16.47.


Configure cluster with OAuth (LDAP provider) and standard load balancing across multiple master nodes (3-route setup via F5 BigIP as described).


Attempt login to the web console.


     

    Login page reloads multiple times and login frequently fails. After several attempts, login eventually succeeds.

    OAuth login via console should succeed consistently without retries, as in 4.16.45 and earlier.

    Issue observed only in web console, not CLI.


Issue disappears if traffic is routed to a single master node.


Same behavior confirmed in 3 separate customer clusters.


Cluster setup involves exceptional but validated load balancing configuration:


Ingress route via F5 (SSL Bridge/Re-encrypt termination with internal DHL PKI certs).


API route via F5 (passthrough termination with internal DHL PKI certs).


OAuth route via F5 (passthrough termination with installation-generated self-signed cert).