Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-3500

CA certs in ClusterInterceptors are not updated correctly

XMLWordPrintable

    • 2
    • False
    • None
    • False
    • Triggers core interceptor now create secrets whenever its necessary
    • Pipelines Sprint 251, Pipelines Sprint 252

      Description of problem:

      Eventlistener pod logs complain about the CA trust issue connecting to tekton trigger:

      x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tekton-triggers-core-interceptors.openshift-pipelines.svc\")","

      When checked  `spec.clientConfig.caBundle` in clusterinterceptor, the value differs from the `ca-cert.pem`  value in  secret `tekton-triggers-core-interceptors-certs`

      Workaround

      Following below KCS works but when the nodes are restarted, the issue reappears.
      https://access.redhat.com/solutions/7024276

      Prerequisites (if any, like setup, operators/versions):

      Steps to Reproduce

       # <steps>

       

      Actual results:

      The CA certs are not updated correctly in the ClusterInterceptors after node reboot.

      Expected results:

      **

      The CA certs should get updated correctly in the ClusterInterceptors after node reboot.

       

      Reproducibility (Always/Intermittent/Only Once):

      Acceptance criteria: 

       

      Definition of Done:

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):

       

       *

              sashture Savita .
              rhn-support-jyarora Jyotsana Arora
              Piyush Garg Piyush Garg
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: