Bug 1870514
Summary: | Configuring custom certificate for default console route | |
---|---|---|---
Product: | OpenShift Container Platform | Reporter: | Rahul Rajendran <rpalathi>
Component: | Management Console | Assignee: | Jakub Hadvig <jhadvig>
Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei>
Severity: | urgent | Docs Contact: |
Priority: | urgent | |
Version: | 4.5 | CC: | aos-bugs, jhadvig, jokerman, kvatteka, rpalathi, spadgett, sttts, yapei
Target Milestone: | --- | |
Target Release: | 4.6.0 | |
Hardware: | Unspecified | |
OS: | Unspecified | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2020-10-27 16:29:46 UTC | Type: | Bug
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | | |
Bug Blocks: | 1874529, 1874533 | |
Description
Rahul Rajendran
2020-08-20 09:27:31 UTC
1. Patch console.operator/cluster with the default console route

```
$ oc patch consoles.operator.openshift.io cluster --patch '{"spec":{"route":{"hostname":"<console_default_route>"}}}' --type=merge
```

In console-operator logs we can see:

```
E0903 05:38:53.700428 1 status.go:78] CustomRouteSyncDegraded InvalidCustomRouteConfig custom route hostname is duplicate of the default route hostname
E0903 05:38:53.700831 1 controller.go:395] console-route-sync--work-queue-key failed with : custom route hostname is duplicate of the default route hostname
```

2. Do not patch console.operator/cluster with the default console route, only add custom secret

```
$ oc create secret tls console-serving-cert --cert=./apps.crt --key=./apps.key -n openshift-config
$ oc patch consoles.operator.openshift.io cluster --patch '{"spec":{"route":{"secret":{"name":"console-serving-cert"}}}}' --type=merge
```

I didn't see new console pods being created; only the serving certificate is changed to the customized one (viewing certificate info via browser).

I'd like to confirm: are these all expected? Per my understanding they look correct, but I'd like to double confirm since it is a very important bug.

Yes, if the admin wants to set a custom TLS cert for the default route, he only changes the `spec.route.secret.name` field. Otherwise, if he sets a duplicate hostname, the operator will get degraded, since there can't be two routes pointing to the same hostname.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196