Bug 1743728

Summary: 4.2.0-0.nightly-2019-08-19-161103 install completes with invalid URL for console on Azure
Product: OpenShift Container Platform Reporter: Mike Gahagan <mgahagan>
Component: Cloud Credential OperatorAssignee: Devan Goodwin <dgoodwin>
Status: CLOSED ERRATA QA Contact: Oleg Nesterov <olnester>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.2.0CC: jerzhang, jialiu, nstielau
Target Milestone: ---Keywords: Regression
Target Release: 4.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-16 06:36:40 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike Gahagan 2019-08-20 14:39:07 UTC 
Description of problem:

Openshift-install successfully creates cluster but the dns name of the console URL is invalid. This is a regression compared to nightlys from the previous week.

Version-Release number of the following components:
openshift-install-4.2.0-0.nightly-2019-08-19-161103


How reproducible:
always
Steps to Reproduce:
1. Install cluster on Azure (used centralus region but not sure that matters)
2. try to use web console url which fails because the hostname does not resolve
3.

Actual results:

[m@dhcp145-160 42_azure_install]$ ./openshift-install create cluster --dir cluster/mgahagan-092008
<snip>
INFO Creating infrastructure resources...         
INFO Waiting up to 30m0s for the Kubernetes API at https://api.mgahagan-092008.qe.azure.devcluster.openshift.com:6443... 
INFO API v1.14.0+40a2047 up                       
INFO Waiting up to 30m0s for bootstrapping to complete... 
INFO Destroying the bootstrap resources...        
INFO Waiting up to 30m0s for the cluster at https://api.mgahagan-092008.qe.azure.devcluster.openshift.com:6443 to initialize... 
INFO Waiting up to 10m0s for the openshift-console route to be created... 
INFO Install complete!                            
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/m/42_azure_install/cluster/mgahagan-092008/auth/kubeconfig' 
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.mgahagan-092008.qe.azure.devcluster.openshift.com 
INFO Login to the console with user: kubeadmin, password: 6zHBn-tpFnS-SM3DR-GAkkH 
[m@dhcp145-160 42_azure_install]$ host api.mgahagan-092008.qe.azure.devcluster.openshift.com
api.mgahagan-092008.qe.azure.devcluster.openshift.com is an alias for mgahagan-092008-9m88c.centralus.cloudapp.azure.com.
mgahagan-092008-9m88c.centralus.cloudapp.azure.com has address 13.86.124.159
[m@dhcp145-160 42_azure_install]$ host console-openshift-console.apps.mgahagan-092008.qe.azure.devcluster.openshift.com
Host console-openshift-console.apps.mgahagan-092008.qe.azure.devcluster.openshift.com not found: 3(NXDOMAIN)

cluster is functional using oc and other related tools

Expected results:

web console is resolvable.
Comment 1 Abhinav Dahiya 2019-08-20 16:34:02 UTC 
*** Bug 1741957 has been marked as a duplicate of this bug. ***
Comment 2 Abhinav Dahiya 2019-08-20 16:35:48 UTC 
> https://bugzilla.redhat.com/show_bug.cgi?id=1741957#c2

cred-minter is providing ingress credentials that do have access to the public DNS zone in a separate resource group from the cluster's resource group.
Comment 3 Miciah Dashiel Butler Masters 2019-08-21 00:57:33 UTC 
*** Bug 1734167 has been marked as a duplicate of this bug. ***
Comment 4 Nick Stielau 2019-08-21 21:50:18 UTC 
Was the fix here code in cred-minter, or using a different credential?

This is kind of by-design with the new cred minter right? You can't isolate credentials and have them reach externally as well, can you?
Comment 6 Oleg Nesterov 2019-08-23 04:59:48 UTC 
Verified on 4.2.0-0.nightly-2019-08-22-201424
Comment 7 errata-xmlrpc 2019-10-16 06:36:40 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922