Originally filed in https://bugzilla.redhat.com/show_bug.cgi?id=1801913
Description of problem:
I installed the latest OpenShift 4.3 version, and I used a custom ingress cert following the documentation here [1].
The proxy sidecar from the console-cr-form appears to not be receiving the custom trust bundle. This issue looks to be very similar to what we saw here [2].
[1] https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1766181
Version-Release number of selected component (if applicable):
OCP4.3
Business Automation Operator is 1.3.0
How reproducible:
100% of the time when using a custom ingress certificate
Steps to Reproduce:
1. Follow steps here to replace the default ingress certificate: https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html
2. Try to authenticate to https://console-cr-form-newcastle-devel.apps.paas.dev.psi.redhat.com
Actual results:
Browser error "500 Internal Error"
- oauth-proxy container error
oc logs console-cr-form -c oauth-proxy
...
2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority
2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error
Expected results:
No 500 error after login
- oauth-proxy container success example
oc logs console-cr-form -c oauth-proxy
...
2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session {kube:admin@cluster.local token:true}
Additional info: