Bug 1974773
Summary: | Using bound SA tokens causes fail to query cluster resource especially in a sts cluster | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Sergiusz Urbaniak <surbania> |
Component: | apiserver-auth | Assignee: | Standa Laznicka <slaznick> |
Status: | CLOSED ERRATA | QA Contact: | liyao |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 4.8 | CC: | aos-bugs, cshereme, liyao, lwan, mfojtik, mifiedle, slaznick, surbania, vlaad, wking, wsun, wzheng, xtian |
Target Milestone: | --- | Keywords: | ServiceDeliveryBlocker, TestBlocker |
Target Release: | 4.8.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | EmergencyRequest | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | 1974716 | Environment: | |
Last Closed: | 2021-07-27 23:13:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1974716 | ||
Bug Blocks: |
Comment 1
Standa Laznicka
2021-06-22 14:45:02 UTC
Verified on 4.8.0-0.nightly-2021-06-23-232238 1. provide my own Authentication CR into cluster manifests $ oc get Authentication cluster -o json | jq -r ".spec" { "oauthMetadata": { "name": "" }, "serviceAccountIssuer": "https://a-lwansts-480-021932120336748-oidc.s3.us-east-2.amazonaws.com", "type": "", "webhookTokenAuthenticator": { "kubeConfig": { "name": "webhook-authentication-integrated-oauth" } } } 2. launch an install 3. there is no longer Unauthorized keywords Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |