Bug 1835483
Summary: | No TLS certs available for HTTPS metrics | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
Component: | Cluster Version Operator | Assignee: | Jack Ottofaro <jack.ottofaro> |
Status: | CLOSED ERRATA | QA Contact: | liujia <jiajliu> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 4.4 | CC: | aos-bugs, jokerman, wking |
Target Milestone: | --- | ||
Target Release: | 4.4.z | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | | Doc Type: | Bug Fix |
Doc Text: |
Cause: The cluster-version operator should serve metrics over HTTPS. To do that, it needs a TLS key and certificate.
Consequence: Without a TLS key and certificate, cluster-version operators which expect them to be in place will crash loop.
Fix: Add a service annotation in 4.4.z (this bug), so the 4.4 monitoring operator will create the TLS key and certificate.
Result: When an update from future 4.4.z to 4.5 is initiated, the incoming 4.5 cluster version operator will have the TLS key and certificate that it needs to start serving metrics over HTTPS.
|
Last Closed: | 2020-06-02 11:18:33 UTC | Type: | --- |
Bug Depends On: | 1834568 | ||
Description
OpenShift BugZilla Robot
2020-05-13 22:05:54 UTC
Version: 4.4.0-0.nightly-2020-05-24-193742

Fresh installation:

# ./oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-05-24-193742   True        False         2m24s   Cluster version is 4.4.0-0.nightly-2020-05-24-193742

# ./oc get secrets cluster-version-operator-serving-cert -n openshift-cluster-version
NAME                                    TYPE                DATA   AGE
cluster-version-operator-serving-cert   kubernetes.io/tls   2      15m

# ./oc get service/cluster-version-operator -o json -n openshift-cluster-version|jq .metadata.annotations
{
  "exclude.release.openshift.io/internal-openshift-hosted": "true",
  "service.alpha.openshift.io/serving-cert-signed-by": "openshift-service-serving-signer@1590377080",
  "service.beta.openshift.io/serving-cert-secret-name": "cluster-version-operator-serving-cert",
  "service.beta.openshift.io/serving-cert-signed-by": "openshift-service-serving-signer@1590377080"
}

Upgrade from old v4.4 to latest v4.4:

Before upgrade:

# ./oc get clusterversion
NAME      VERSION   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.5     True        False         5m24s   Cluster version is 4.4.5

# ./oc get secrets cluster-version-operator-serving-cert -n openshift-cluster-version
Error from server (NotFound): secrets "cluster-version-operator-serving-cert" not found

After upgrade:

# ./oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.4.0-0.nightly-2020-05-24-193742   True        False         79m     Cluster version is 4.4.0-0.nightly-2020-05-24-193742

# ./oc get secrets cluster-version-operator-serving-cert -n openshift-cluster-version
NAME                                    TYPE                DATA   AGE
cluster-version-operator-serving-cert   kubernetes.io/tls   2      120m

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2310
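The manual verification quoted in this bug can be expressed as a check over the JSON that `oc get ... -o json` returns. This is an added example, not part of the bug report or of the operator's code; the function name `check_serving_cert` and the sample objects are constructed for illustration, and the Secret data values are placeholders.

```python
import json

# Annotation name as shown in the `oc get service ... | jq` output in this bug.
SECRET_ANNOTATION = "service.beta.openshift.io/serving-cert-secret-name"
# Standard data keys of a kubernetes.io/tls Secret (the "DATA 2" column above).
REQUIRED_KEYS = ("tls.crt", "tls.key")


def check_serving_cert(service, secret):
    """Return a list of problems; an empty list means the TLS material is in place.

    service: parsed `oc get service/<name> -o json`
    secret:  parsed `oc get secret/<name> -o json`, or None if the server said NotFound
    """
    annotations = service.get("metadata", {}).get("annotations") or {}
    wanted = annotations.get(SECRET_ANNOTATION)
    if not wanted:
        return [f"service lacks annotation {SECRET_ANNOTATION}"]
    if secret is None:
        return [f"secret {wanted!r} not found"]
    problems = []
    name = secret.get("metadata", {}).get("name")
    if name != wanted:
        problems.append(f"secret is {name!r}, annotation asks for {wanted!r}")
    if secret.get("type") != "kubernetes.io/tls":
        problems.append(f"secret type is {secret.get('type')!r}, expected kubernetes.io/tls")
    data = secret.get("data") or {}
    for key in REQUIRED_KEYS:
        if not data.get(key):
            problems.append(f"secret has no data for {key}")
    return problems


# Constructed sample input, modelled on the output quoted in this bug.
SERVICE = json.loads("""{"metadata": {"name": "cluster-version-operator",
  "annotations": {"service.beta.openshift.io/serving-cert-secret-name":
                  "cluster-version-operator-serving-cert"}}}""")
SECRET = {"metadata": {"name": "cluster-version-operator-serving-cert"},
          "type": "kubernetes.io/tls",
          "data": {"tls.crt": "PLACEHOLDER", "tls.key": "PLACEHOLDER"}}

if __name__ == "__main__":
    print("secret present:", check_serving_cert(SERVICE, SECRET) or "ok")
    print("secret missing:", check_serving_cert(SERVICE, None))
```

Running the check before starting a 4.4.z to 4.5 update shows whether the incoming cluster-version operator will find the Secret it expects.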