Bug 1965853
| Summary: | Ingress Certificate reverting back to Default | ||
|---|---|---|---|
| Product: | Red Hat Advanced Cluster Management for Kubernetes | Reporter: | Ryan Spagnola <rspagnol> |
| Component: | Core Services / Observability | Assignee: | Chunlin Yang <chuyang> |
| Status: | CLOSED INSUFFICIENT_DATA | QA Contact: | Xiang Yin <xiyin> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhacm-2.2 | CC: | cqu, ming, nmanos, qhao, twardzin |
| Target Milestone: | --- | Flags: | cqu:
qe_test_coverage-
ming: rhacm-2.2.z+ qhao: needinfo? (rspagnol) twardzin: needinfo? (ming) |
| Target Release: | rhacm-2.2.6 | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-14 03:25:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Hi, @Ryan Spagnola, Could you help check if secret byo-ingress-tls-secret still there when you observe "Ingress Certificate reverting back to Default" ? From the source code of management-ingress chart https://github.com/open-cluster-management/management-ingress-chart/blob/release-2.2/stable/management-ingress/templates/management-ingress-deployment.yaml#L179-L184 , the only reason I can guess is byo-ingress-tls-secret is removed by accident and then chart re-installed. If the above doesn't help. Could you provide more info about this issue, did the customer do anything after configuring byo cert? What does Randomly mean? @Ryan Spagnola, Also, notice your ACM version is 2.2 while you are referring to a 2.0 doc. You may want to use 2.2 doc https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/security/security#certificates to have a try. @Ryan Spagnola, any update on this issue? I'm also having this issue @qhao @ming on rhacm-2.2.5 with current client. I can provide more debugging if need be. twardzin , could you help check if the secret byo-ingress-tls-secret still there? and also the full output of `oc get deployments -n open-cluster-management management-ingress-xxx -o yaml` ? This was resolved from my side. No more help required. |
Description of the problem: Customer configured ACM ingress certificates following the RedHat Documentation. However, The ingress deployment appears to revert back to the default self signed certificate randomly. oc get deployments -n open-cluster-management management-ingress-53a6c -o yaml - command: - /management-ingress - --default-ssl-certificate=$(POD_NAMESPACE)/management-ingress-53a6c-tls-secret - --configmap=$(POD_NAMESPACE)/management-ingress-53a6c - --http-port=8080 - --https-port=8443 https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/security/security#certificates Release version: 2.2 Operator snapshot version: OCP version: 4.6 Browser Info: Steps to reproduce: 1. configure acm ingress certificate 2. 3. Actual results: Randomly resets to default self-signed cert Expected results: Configured cert stays intact Additional info: