Bug 1874529
| Summary: | Configuring custom certificate for default console route | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
| Component: | Management Console | Assignee: | Jakub Hadvig <jhadvig> |
| Status: | CLOSED ERRATA | QA Contact: | Yadan Pei <yapei> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 4.5 | CC: | aos-bugs, jhadvig, jokerman, kvatteka, rpalathi, spadgett, sttts, yapei |
| Target Milestone: | --- | ||
| Target Release: | 4.5.z | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-09-14 14:54:27 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1870514 | ||
| Bug Blocks: | |||
|
Comment 1
Jakub Hadvig
2020-09-03 07:42:17 UTC
1. Patch console.operator/cluster with the default console route
$ oc patch consoles.operator.openshift.io cluster --patch '{"spec":{"route":{"hostname”:”<console_default_route>“}}}’ --type=merge
In console-operator logs we can see:
E0903 05:38:53.700428 1 status.go:78] CustomRouteSyncDegraded InvalidCustomRouteConfig custom route hostname is duplicate of the default route hostname
E0903 05:38:53.700831 1 controller.go:395] console-route-sync--work-queue-key failed with : custom route hostname is duplicate of the default route hostname
2. Do not patch console.operator/cluster with the default console route, only add custom secret
$ oc create secret tls console-serving-cert --cert=./apps.crt --key=./apps.key -n openshift-config
$ oc patch consoles.operator.openshift.io cluster --patch '{"spec":{"route":{"secret":{"name":"console-serving-cert"}}}}' --type=merge
I didn’t see new console pods are created, only the serving certificate is changed to the customized one(viewing certificate info via browser)
Verified on 4.5.0-0.nightly-2020-09-08-123650
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.5.9 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3618 |