Bug 1836939

Summary: Wrong serverName for certificate on /metrics endpoint
Product: OpenShift Container Platform Reporter: Jakub Hadvig <jhadvig>
Component: Management ConsoleAssignee: Jakub Hadvig <jhadvig>
Status: CLOSED ERRATA QA Contact: Yadan Pei <yapei>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.3.zCC: aos-bugs, hasha, jokerman
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Incorrect handling of cert rotation. Consequence: /metrics endpoint cannot be scraped by prometheus due to incorrect serverName in TLS cert. Fix: Bump go dependencies in the console-operator repo to pick up latest changes in the library-go. Result: /metrics endpoint can be scraped by prometheus.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-17 20:28:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1836938    
Bug Blocks:    

Description Jakub Hadvig 2020-05-18 14:18:14 UTC 
This bug was initially created as a copy of Bug #1818772

I am copying this bug because: 



Description of problem:
/metrics endpoint cannot be scraped by prometheus due to incorrect serverName in TLS cert.

Version-Release number of selected component (if applicable):
4.5

How reproducible:
often

Steps to Reproduce:
1. Start a cluster
2. Go to prometheus targets page
3. Scroll to openshift-console-operator/console-operator/0

Actual results:
Target is down due to:
Get https://10.128.0.32:8443/metrics: x509: certificate is valid for localhost, not metrics.openshift-console-operator.svc

Expected results:
Target is up

Additional info:
Comment 3 shahan 2020-05-28 06:46:33 UTC 
goto https://promethus-route/target page check the  there's no errors
4.3.0-0.ci-2020-05-28-001228
Comment 7 errata-xmlrpc 2020-06-17 20:28:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2436