Bug 1901379
| Summary: | tls: unknown certificate error from router | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Seunghwan Jung <jseunghw> |
| Component: | oauth-apiserver | Assignee: | Standa Laznicka <slaznick> |
| Status: | CLOSED WORKSFORME | QA Contact: | Xingxing Xia <xxia> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4.5 | CC: | aconstan, aos-bugs, mfojtik |
| Target Milestone: | --- | Keywords: | Reopened, UpcomingSprint |
| Target Release: | 4.7.0 | ||
| Hardware: | x86_64 | ||
| OS: | Unspecified | ||
| Last Closed: | 2020-12-07 15:23:56 UTC | Type: | Bug |
They see those errors because they use an outdated client.

*** This bug has been marked as a duplicate of bug 1819688 ***

I was not able to reproduce the issue with the latest oc built from release-4.5 branch. Please make sure every workstation uses an updated oc; that should make the issue go away.
Description of problem:
TLS handshake from Router to OAuth is failing on OCP 4.5.

~~~~~~~~~~~~~~~~~~~~~
..
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-17T10:45:58.664527365+09:00 I1117 01:45:58.664471 1 log.go:172] http: TLS handshake error from 172.31.12.1:55708: remote error: tls: unknown certificate
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-17T10:45:58.666104198+09:00 I1117 01:45:58.666081 1 log.go:172] http: TLS handshake error from 172.31.12.1:55710: remote error: tls: unknown certificate
..
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-16T01:20:33.825110927+09:00 I1115 16:20:33.825089 1 log.go:172] http: TLS handshake error from 172.31.3.1:41454: remote error: tls: unknown certificate
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-16T01:20:37.180136872+09:00 I1115 16:20:37.180081 1 log.go:172] http: TLS handshake error from 172.31.3.1:41646: remote error: tls: unknown certificate
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-16T10:06:59.780621963+09:00 I1116 01:06:59.780563 1 log.go:172] http: TLS handshake error from 172.31.3.1:42900: remote error: tls: unknown certificate
openshift-authentication/pods/oauth-openshift-854c86dfff-z4dz7/oauth-openshift/oauth-openshift/logs/current.log:2020-11-16T10:06:59.811020819+09:00 I1116 01:06:59.810959 1 log.go:172] http: TLS handshake error from 172.31.3.1:42904: EOF
..
~~~~~~~~~~~~~~~~~~~~~

Version-Release number of selected component (if applicable):

172.31.3.1 and 172.31.12.1 are router IPs
Here you can see 172.31.12.1 is tun0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10: tun0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 56:f9:42:d7:35:ed brd ff:ff:ff:ff:ff:ff
    inet 172.31.12.1/25 brd 172.31.12.127 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::54f9:42ff:fed7:35ed/64 scope link
       valid_lft forever preferred_lft forever
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

** oc version
Client Version: 4.4.8
Server Version: 4.5.11
Kubernetes Version: v1.18.3+b0068a8

How reproducible:
Always

Steps to Reproduce:
unknown

Actual results:
There are certificate errors

Expected results:
There should not be certificate errors

Additional info:
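
As an added example (not part of the bug report or of OpenShift's code), this Python script tallies handshake failures like the ones quoted above per source address. It separates alerts sent by the connecting peer, which Go's TLS stack logs with the prefix `remote error:`, from connections the peer simply closed (`EOF`). The sample lines are trimmed from the report, plus one constructed unrelated line; the function names and the category labels are illustrative assumptions.

```python
import re
from collections import Counter

# Sample input: klog lines trimmed from the report above, plus one constructed
# unrelated line to show that non-handshake messages are skipped.
SAMPLE = """\
I1117 01:45:58.664471 1 log.go:172] http: TLS handshake error from 172.31.12.1:55708: remote error: tls: unknown certificate
I1117 01:45:58.666081 1 log.go:172] http: TLS handshake error from 172.31.12.1:55710: remote error: tls: unknown certificate
I1115 16:20:33.825089 1 log.go:172] http: TLS handshake error from 172.31.3.1:41454: remote error: tls: unknown certificate
I1116 01:06:59.810959 1 log.go:172] http: TLS handshake error from 172.31.3.1:42904: EOF
I1116 01:07:00.000000 1 log.go:172] constructed unrelated message
"""

# Go's net/http server logs "<addr>:<port>: <error>"; IPv6 peers appear as "[addr]:port".
HANDSHAKE = re.compile(
    r"http: TLS handshake error from (?P<peer>\S+):(?P<port>\d+): (?P<reason>.+)$"
)
REMOTE = "remote error: "


def classify(reason):
    """Return (origin, detail) for the error text of one handshake failure."""
    if reason.startswith(REMOTE):
        # The connecting peer sent a TLS alert, e.g. it rejected the server's certificate.
        return "peer-alert", reason[len(REMOTE):]
    if reason == "EOF":
        # The peer closed the connection before the handshake finished.
        return "peer-closed", reason
    # Anything else was raised on the logging (server) side.
    return "local", reason


def summarize(text):
    """Count handshake failures per (peer address, origin, detail)."""
    counts = Counter()
    for line in text.splitlines():
        m = HANDSHAKE.search(line)
        if not m:
            continue
        origin, detail = classify(m["reason"].strip())
        counts[(m["peer"].strip("[]"), origin, detail)] += 1
    return counts


if __name__ == "__main__":
    for (peer, origin, detail), n in sorted(summarize(SAMPLE).items()):
        print(f"{peer:15} {origin:12} {detail:30} {n}")
```

A `peer-alert` row means the side that connected rejected the handshake, so the place to look is that client's trust configuration and version rather than the oauth-openshift pod itself.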