Bug 2037635

Summary: impossible to configure custom certs for default console route in ingress config
Product: OpenShift Container Platform
Reporter: Yadan Pei <yapei>
Component: Management Console
Assignee: Jakub Hadvig <jhadvig>
Status: CLOSED ERRATA
QA Contact: Yadan Pei <yapei>
Severity: high
Docs Contact:
Priority: unspecified
Version: 4.10
CC: aos-bugs, cchen, jhadvig, yapei
Target Milestone: ---
Target Release: 4.10.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2022-03-10 16:37:12 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 2039681

Comment 4 Yadan Pei 2022-01-12 08:36:46 UTC
1. update ingress.config and customize certs for default console route

$ oc get ingress.config cluster -o json | jq .spec
{
  "componentRoutes": [
    {
      "hostname": "console-openshift-console.apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com",
      "name": "console",
      "namespace": "openshift-console",
      "servingCertKeyPairSecret": {
        "name": "custom-console-component"
      }
    }
  ],
  "domain": "apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com"
}

2. after we made the above changes, co/console is still working
oc get co
NAME                                       VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.10.0-0.nightly-2022-01-12-033357   True        False         False      16m     
baremetal                                  4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
cloud-controller-manager                   4.10.0-0.nightly-2022-01-12-033357   True        False         False      32m     
cloud-credential                           4.10.0-0.nightly-2022-01-12-033357   True        False         False      34m     
cluster-autoscaler                         4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
config-operator                            4.10.0-0.nightly-2022-01-12-033357   True        False         False      31m     
console                                    4.10.0-0.nightly-2022-01-12-033357   True        False         False      19m     

3. visit default console route, the certificate is updated accordingly

the reported issue has been fixed
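
Added example, not part of the bug report or of console-operator: step 3 of the verification above done in Python, comparing the leaf certificate served on the console route with the one stored in the secret the component route references. The function names and the placeholder certificate bytes are constructed for this example, and it assumes the secret JSON comes from `oc get secret custom-console-component -n openshift-config -o json`.

```python
import base64
import hashlib
import re
import socket
import ssl

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprint(pem):
    """SHA-256 of the DER form of one PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def leaf_from_secret(secret):
    """tls.crt may carry a chain; the leaf is the first PEM block."""
    blocks = PEM_BLOCK.findall(base64.b64decode(secret["data"]["tls.crt"]).decode())
    if not blocks:
        raise ValueError("tls.crt holds no PEM certificate")
    return blocks[0]

def fetch_served_cert(host, port=443):
    """Leaf certificate presented for this hostname (SNI is set explicitly)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # no chain validation here: the fingerprint
    ctx.verify_mode = ssl.CERT_NONE  # comparison below is the actual check
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(True))

def route_serves_secret(spec, secret, served_pem, name="console", namespace="openshift-console"):
    """True if the component route references `secret` and serves its leaf certificate."""
    for route in spec.get("componentRoutes", []):
        if (route.get("name"), route.get("namespace")) == (name, namespace):
            ref = route.get("servingCertKeyPairSecret", {}).get("name")
            return (ref == secret["metadata"]["name"]
                    and fingerprint(leaf_from_secret(secret)) == fingerprint(served_pem))
    return False

if __name__ == "__main__":
    # Constructed sample: placeholder bytes stand in for real DER certificates.
    leaf = ssl.DER_cert_to_PEM_cert(b"constructed-leaf")
    ca = ssl.DER_cert_to_PEM_cert(b"constructed-ca")
    secret = {"metadata": {"name": "custom-console-component"},
              "data": {"tls.crt": base64.b64encode((leaf + ca).encode()).decode()}}
    spec = {"componentRoutes": [{"name": "console", "namespace": "openshift-console",
                                 "servingCertKeyPairSecret": {"name": "custom-console-component"}}]}
    print(route_serves_secret(spec, secret, leaf))  # live: fetch_served_cert(<route hostname>)
```

Against a live cluster, pass the `.spec` printed in step 1 as `spec` and `fetch_served_cert(hostname)` as `served_pem`; a `False` result means the router is still presenting a different certificate for that hostname.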

Comment 6 Yadan Pei 2022-01-14 02:16:22 UTC
Hi Chen,

We will backport to 4.8.z as well, but it can only happen after the 4.9 fix PR gets merged and verified. A new 4.8.z bug will be automatically opened after the 4.9.z PR gets merged!

See https://github.com/openshift/console-operator/pull/624#issuecomment-1010788316

Comment 9 errata-xmlrpc 2022-03-10 16:37:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Comment 10 Red Hat Bugzilla 2023-09-15 01:50:52 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days