Bug 1468308

Summary: [3.5] Hawkular Metrics cannot handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates.
Product: OpenShift Container Platform Reporter: Matt Wringe <mwringe>
Component: HawkularAssignee: Matt Wringe <mwringe>
Status: CLOSED ERRATA QA Contact: Junqi Zhao <juzhao>
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.5.1CC: aos-bugs, eparis, erjones, jcantril, jtakvori, juzhao, mcurry, mwringe, robbaron, stwalter, tkimura, wsun
Target Milestone: ---   
Target Release: 3.5.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1461635
: 1468309 (view as bug list) Environment:
Last Closed: 2017-08-31 17:00:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1447463, 1461635, 1479930    
Bug Blocks: 1468309    
Attachments:
Description Flags
metrics diagram could be viewed form web console none

Comment 2 Junqi Zhao 2017-07-10 02:12:19 UTC 
Verify step is the same as 
https://bugzilla.redhat.com/show_bug.cgi?id=1447463#c64

Verification steps:
1. Add the example certificate before and after /etc/origin/master/ca-bundle.crt.
2. Restart server and deploy metrics 3.5 by using images from brew registry.
3. oc rsh ${HAWKULAR_METRICS_PODS};
   cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

/var/run/secrets/kubernetes.io/serviceaccount/ca.crt is the same with /etc/origin/master/ca-bundle.crt.

4. Login web console, metrics can  be viewed, see the attached web UI snapshot

Testing env:
# openshift version
openshift v3.5.5.31
kubernetes v1.5.2+43a9be4
etcd 3.1.0

Imags from brew registry, metrics-hawkular-metrics latest image version is 3.5.0-25
metrics-hawkular-metrics   3.5.0-25            bba7b194fec5        3 days ago          1.27 GB
metrics-hawkular-metrics   v3.5                bba7b194fec5        3 days ago          1.27 GB
metrics-heapster           v3.5                4e29df6bda85        10 days ago         318.5 MB
metrics-cassandra          v3.5                15a64aac8593        10 days ago         540.5 MB
Comment 3 Junqi Zhao 2017-07-10 02:12:40 UTC 
Created attachment 1295668 [details]
metrics diagram could be viewed form web console
Comment 4 Matt Wringe 2017-07-11 13:39:18 UTC 
*** Bug 1468350 has been marked as a duplicate of this bug. ***
Comment 6 Junqi Zhao 2017-07-25 01:34:48 UTC 
Same verification steps as Comment 2, login web console, metrics can  be viewed, Hawkular Metrics can handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates now.

Testing env:
# openshift version
openshift v3.5.5.31.6
kubernetes v1.5.2+43a9be4
etcd 3.1.0

Imags from brew registry
metrics-heapster           3.5.0-19            f63b87cf243e        7 days ago          318.5 MB
metrics-hawkular-metrics   3.5.0-27            9d5c95075825        7 days ago          1.27 GB
metrics-cassandra          3.5.0-25            01c3f73189f0        7 days ago          540.6 MB
Comment 8 errata-xmlrpc 2017-08-31 17:00:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1828