Bug 1687931
| Summary: | Custom serving certificate configured for default IngressController is not propagated to authentication endpoint when secret is created after changing the config | | |
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Cesar Wong <cewong> |
| Component: | Networking | Assignee: | Miciah Dashiel Butler Masters <mmasters> |
| Networking sub component: | router | QA Contact: | Hongan Li <hongli> |
| Status: | CLOSED ERRATA | Severity: | medium |
| Priority: | medium | CC: | aos-bugs, cewong, mkhan, wkulhane |
| Version: | 4.1.0 | Target Release: | 4.1.0 |
| Hardware: | All | OS: | Linux |
| Doc Type: | No Doc Update | Type: | Bug |
| Last Closed: | 2019-06-04 10:45:33 UTC | | |

Created attachment 1543296
ingress-operator log

Updated Steps to Reproduce:
1. Edit ingresscontroller/default and add reference to serving cert:
   spec:
     defaultCertificate:
       name: servingcert
2. Place serving cert secret (servingcert) in openshift-ingress namespace
3. Wait for ingress to restart and become available. Navigate to the console URL on a browser

Will verify with next nightly build which contains the fix.

Verified with 4.0.0-0.nightly-2019-03-23-222829 and the issue has been fixed.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2019:0758

Description of problem:
A custom serving cert is configured for ingresscontroller/default in the openshift-ingress-operator namespace. The certificate is not getting propagated to the auth endpoint. This results in the openshift console URL initially hitting a valid certificate but then falling back to the self-signed certificate when redirecting to the auth endpoint.

Version-Release number of selected component (if applicable):
Cluster version is 4.0.0-0.alpha-2019-03-12-052340

How reproducible:
Always

Steps to Reproduce:
1. Place serving cert secret (servingcert) in openshift-ingress namespace
2. Edit ingresscontroller/default and add reference to serving cert:
   spec:
     defaultCertificate:
       name: servingcert
3. Wait for ingress to restart and become available. Navigate to the console URL on a browser.

Actual results:
You are still prompted about invalid certificates when the console redirects to the auth endpoint.

Expected results:
Both the console and the auth endpoint use the new, valid serving cert.

Additional info:
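
A way to check the "Expected results" condition without a browser, as an added example that is not part of the original bug report: it compares the leaf certificate each route host presents against the certificate stored in the servingcert secret. The host names and the exported tls.crt path are supplied by the operator as arguments, and the byte strings in demo() are constructed placeholders, not real certificates.

```python
import hashlib
import socket
import ssl
import sys

PEM_FOOTER = "-----END CERTIFICATE-----"

def fetch_leaf_der(host, port=443, timeout=5.0):
    """Return the DER leaf certificate a host presents, sending the host as SNI."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: the goal is to inspect whatever is
    # served (including a self-signed fallback), not to trust it.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM file (tls.crt may hold a chain)."""
    first = pem_text.strip().split(PEM_FOOTER)[0] + PEM_FOOTER
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(first)).hexdigest()

def hosts_not_serving(expected_pem, presented):
    """presented maps host -> DER bytes; return hosts whose leaf differs."""
    want = leaf_fingerprint(expected_pem)
    return sorted(host for host, der in presented.items()
                  if hashlib.sha256(der).hexdigest() != want)

def demo():
    """Constructed data reproducing the reported symptom, runs offline."""
    custom = b"constructed-custom-cert"      # stands in for servingcert
    fallback = b"constructed-self-signed"    # stands in for the default cert
    presented = {"console.example.test": custom, "oauth.example.test": fallback}
    return hosts_not_serving(ssl.DER_cert_to_PEM_cert(custom), presented)

if __name__ == "__main__":
    # usage: check_cert.py <exported tls.crt> <console host> <oauth host> ...
    with open(sys.argv[1]) as fh:
        expected = fh.read()
    bad = hosts_not_serving(expected, {h: fetch_leaf_der(h) for h in sys.argv[2:]})
    print("mismatch: " + ", ".join(bad) if bad else "all hosts serve the expected certificate")
    sys.exit(1 if bad else 0)
```

A non-zero exit with the auth host listed corresponds to the "Actual results" above; an empty list means every host given serves the configured certificate.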