Bug 1906808

Summary: [test-disabled] ServiceAccounts should support OIDC discovery of service account issuer
Product: OpenShift Container Platform Reporter: Standa Laznicka <slaznick>
Component: apiserver-authAssignee: Standa Laznicka <slaznick>
Status: CLOSED ERRATA QA Contact: scheng
Severity: high Docs Contact:
Priority: high    
Version: 4.7CC: aos-bugs, mfojtik, sttts
Target Milestone: ---   
Target Release: 4.7.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-24 15:42:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Standa Laznicka 2020-12-11 13:23:28 UTC 
Description of problem:
During rebase, we identified a test that was failing due to the defaulting logic for the jwks endpoint in kube-apiserver which tries to reach the IP of the KAS, yet this IP is not included in the default KAS serving certificate.

Wire the address of the LB instead to make this test work.

Version-Release number of selected component (if applicable):
4.7

How reproducible:
100%

Steps to Reproduce:
1. run the `[sig-auth] ServiceAccounts should support OIDC discovery of service account issuer [Feature:ServiceAccountIssuerDiscovery] [Suite:openshift/conformance/parallel] [Suite:k8s]` test

Actual results:
the test fails

Expected results:
the test succeeds
Comment 1 Tomáš Nožička 2020-12-11 13:27:14 UTC 
we are disabling the test and it needs to be re-enabled when this BZ is fixed
Comment 8 errata-xmlrpc 2021-02-24 15:42:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633