Bug 1692842

Summary: auth clusteroperator reports integrated-oauth-server failing at install: certificate signed by unknown authority
Product: OpenShift Container Platform Reporter: Jay Boyd <jaboyd>
Component: apiserver-authAssignee: Erica von Buelow <evb>
Status: CLOSED DUPLICATE QA Contact: Chuan Yu <chuyu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: aos-bugs, jaboyd, jokerman, mmccomas, slaznick
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-03-26 16:48:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jay Boyd 2019-03-26 14:33:42 UTC 
Failing: error checking payload readiness: unable to check route health: x509: certificate signed by unknown authority

Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Jay Boyd 2019-03-26 14:38:43 UTC 
apologies for incomplete description.

This error is seen three times in the last several hours in OCP builds from https://openshift-release.svc.ci.openshift.org/

from clusteroperators.json in artifacts/e2e-aws/clusteroperators.json:

integrated-oauth-server operator Failing: "Failing: error checking payload readiness: unable to check route health: x509: certificate signed by unknown authority"

https://openshift-release.svc.ci.openshift.org/releasestream/4.0.0-0.ci/release/4.0.0-0.ci-2019-03-26-131833
failed aws-serial test


https://openshift-release.svc.ci.openshift.org/releasestream/4.0.0-0.ci/release/4.0.0-0.ci-2019-03-26-114325
passed aws but failed aws-serial test


https://openshift-release.svc.ci.openshift.org/releasestream/4.0.0-0.ci/release/4.0.0-0.ci-2019-03-26-032424
passed aws-serial, failed aws
Comment 2 Standa Laznicka 2019-03-26 15:54:31 UTC 
kube-controller-manager is dead, authentication-operator dies because of that. Authentication-operator's failure will be fixed as a part of https://bugzilla.redhat.com/show_bug.cgi?id=1692408 because there's a way around that. Forwarding to master team for the kube-* components fails.
Comment 3 Standa Laznicka 2019-03-26 16:48:02 UTC 
Actually, never mind, I only checked kube-controller-manager in one of those runs, and while it was failing, lets close this as a dupe of https://bugzilla.redhat.com/show_bug.cgi?id=1692408

*** This bug has been marked as a duplicate of bug 1692408 ***