OpenShift Bugs / OCPBUGS-65929

MetalLB CRs fail to apply due to webhook certificate error


    • Bug
    • Resolution: Unresolved
    • 4.21
    • OLM
    • False
    • Rejected

      Description of problem:

      2025/11/23 05:52:56 http: TLS handshake error from 10.128.0.20:36632: remote error: tls: bad certificate
      2025/11/23 05:52:57 http: TLS handshake error from 10.128.0.20:36634: remote error: tls: bad certificate
      2025/11/23 05:52:59 http: TLS handshake error from 10.128.0.20:36642: remote error: tls: bad certificate
      
      ~ > oc apply -f bgppeer.yml 
      Error from server (InternalError): error when creating "bgppeer.yml": Internal error occurred: failed calling webhook "bgppeersvalidationwebhook.metallb.io": failed to call webhook: Post "https://metallb-operator-webhook-server-service.metallb-system.svc:443/validate-metallb-io-v1beta2-bgppeer?timeout=10s": tls: failed to verify certificate: x509: certificate is valid for webhook-service.metallb-system.svc, webhook-service.metallb-system.svc.cluster.local, not metallb-operator-webhook-server-service.metallb-system.svc
      
      ~ > oc get node
      NAME                                         STATUS   ROLES                  AGE    VERSION
      ip-10-0-108-221.us-west-1.compute.internal   Ready    control-plane,master   129m   v1.34.1
      ip-10-0-124-95.us-west-1.compute.internal    Ready    control-plane,master   129m   v1.34.1
      ip-10-0-29-77.us-west-1.compute.internal     Ready    worker                 113m   v1.34.1
      ip-10-0-61-28.us-west-1.compute.internal     Ready    control-plane,master   127m   v1.34.1
      ip-10-0-84-214.us-west-1.compute.internal    Ready    worker                 121m   v1.34.1
      ip-10-0-91-85.us-west-1.compute.internal     Ready    worker                 113m   v1.34.1
      
      ~ > oc version
      Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
      Server Version: 4.21.0-0.nightly-2025-11-15-144034
      Kubernetes Version: v1.34.1
      
      ~ > oc get clusterextensions.olm.operatorframework.io -A
      NAME               INSTALLED BUNDLE                        VERSION               INSTALLED   PROGRESSING   AGE
      metallb-operator   metallb-operator.v4.21.0-202511040653   4.21.0-202511040653   True        True          41m 

       

       

      Version-Release number of selected component (if applicable):

      How reproducible:
      100

      Steps to Reproduce:
      1. Install the MetalLB operator via OLMv1
      2. Apply the MetalLB CR
      3. Apply the BGPPeer CR

      Actual results:

      Expected results:

      Additional info:

      ~ > cat clastercatalogmetallb.yml 
      apiVersion: olm.operatorframework.io/v1
      kind: ClusterCatalog
      metadata:
        name: metallb-konflux
      spec:
        source:
          type: Image
          image:
            ref: quay.io/redhat-user-workloads/ocp-art-tenant/art-fbc:ocp__4.21__metallb-rhel9-operator 
          pollIntervalMinutes: 10
       
      apiVersion: config.openshift.io/v1
      kind: ImageDigestMirrorSet
      metadata:
        name: metallb-internal-idms
      spec:
        imageDigestMirrors:
        - mirrors:
          - quay.io/redhat-user-workloads/ocp-art-tenant/art-images-share
          source: registry.redhat.io/openshift4/frr-rhel9
        - mirrors:
          - quay.io/redhat-user-workloads/ocp-art-tenant/art-images-share
          source: registry.redhat.io/openshift4/metallb-rhel9
        - mirrors:
          - quay.io/redhat-user-workloads/ocp-art-tenant/art-images-share
          source: registry.redhat.io/openshift4/metallb-rhel9-operator
        - mirrors:
          - quay.io/redhat-user-workloads/ocp-art-tenant/art-images-share
          source: registry.redhat.io/openshift4/ose-kube-rbac-proxy-rhel9
        - mirrors:
          - quay.io/redhat-user-workloads/ocp-art-tenant/art-images-share
          source: registry.redhat.io/openshift4/ose-metallb-operator-bundle
      
      ---
      apiVersion: v1
      kind: Namespace
      metadata:
        name: metallb-system
      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: metallb-operator-installer
        namespace: metallb-system
      ---
      apiVersion: rbac.authorization.k8s.io/v1
      kind: ClusterRoleBinding
      metadata:
        name: metallb-operator-installer-binding
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: cluster-admin
      subjects:
      - kind: ServiceAccount
        name: metallb-operator-installer
        namespace: metallb-system
      ---
      apiVersion: olm.operatorframework.io/v1
      kind: ClusterExtension
      metadata:
        name: metallb-operator
      spec:
        namespace: metallb-system
        serviceAccount:
          name: metallb-operator-installer
        source:
          sourceType: Catalog
          catalog:
            packageName: metallb-operator
            selector:
              matchLabels:
                olm.operatorframework.io/metadata.name: metallb-konflux
            channel: stable
      
      
      
      
      
      ~ > cat bgppeer.yml 
      apiVersion: metallb.io/v1beta2
      kind: BGPPeer
      metadata:
        name: testpeer1
        namespace: metallb-system
      spec:
        bfdProfile: bfdprofile
        disableMP: false
        myASN: 64500
        password: bgp-test
        passwordSecret: {}
        peerASN: 64501
        peerAddress: 10.46.77.1
        peerPort: 179
        disableMP: true

       

              rh-ee-cchantse Catherine Chan-Tse
              rhn-cnf-elevin Evgeny Levin
              bruno andrade bruno andrade