Bug 1811216

Summary: Authentication operator can remain progressing with unclear message
Product: OpenShift Container Platform Reporter: Adam Kaplan <adam.kaplan>
Component: apiserver-authAssignee: Stefan Schimanski <sttts>
Status: CLOSED WONTFIX QA Contact: scheng
Severity: low Docs Contact:
Priority: low    
Version: 4.3.0CC: aos-bugs, mfojtik
Target Milestone: ---Flags: adam.kaplan: needinfo-
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-05-26 11:05:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Kaplan 2020-03-06 21:18:34 UTC 
Description of problem:

During installation or upgrade, the authentication operator can remain progressing while waiting for the .well_known endpoint to be served by the kube-apiserver. The message is typically of the form:

```
Progressing: got '404 Not Found' status while trying to GET the OAuth well-known https://10.0.0.17:6443/.well-known/oauth-authorization-server endpoint data
```

which does not indicate the true underlying cause (all nodes are not available)



Version-Release number of selected component (if applicable): 4.3.0


How reproducible: Sometimes (on install timeout)


Steps to Reproduce:

1. Install openshift on a cluster whose nodes do not all become available.
2. View the authentication operator progressing message.

Actual results:

Progressing: got '404 Not Found' status while trying to GET the OAuth well-known https://10.0.0.17:6443/.well-known/oauth-authorization-server endpoint data

Expected results:

An actionable message, such as "Could not find the OAuth well-known endpoint. Please verify that all nodes and the kube-apiserver are available."

Additional info:

https://bugzilla.redhat.com/show_bug.cgi?id=1789658#c3
https://prow.svc.ci.openshift.org/view/gcs/origin-ci-test/logs/release-openshift-ocp-installer-e2e-openstack-serial-4.3/777
Comment 1 Michal Fojtik 2020-05-12 10:32:57 UTC 
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet.

As such, we're marking this bug as "LifecycleStale" and decreasing severity from "medium" to "low".

If you have further information on the current state of the bug, please update it, otherwise this bug will be automatically closed in 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.
Comment 2 Michal Fojtik 2020-05-26 11:05:19 UTC 
This bug hasn't had any activity 7 days after it was marked as LifecycleStale, so we are closing this bug as WONTFIX. If you consider this bug still valuable, please reopen it or create new bug.