Bug 2058295
| Summary: | ACM doesn't accept secret type opaque for cluster api certificate | ||
|---|---|---|---|
| Product: | Red Hat Advanced Cluster Management for Kubernetes | Reporter: | hhemied |
| Component: | Cluster Lifecycle | Assignee: | Jian Qiu <jqiu> |
| Status: | CLOSED ERRATA | QA Contact: | txue |
| Severity: | unspecified | Docs Contact: | Christopher Dawson <cdawson> |
| Priority: | unspecified | ||
| Version: | rhacm-2.4 | CC: | crizzo, dhuynh, ecai, txue, yuhe, zyin |
| Target Milestone: | --- | Flags: | bot-tracker-sync:
rhacm-2.4.z+
|
| Target Release: | rhacm-2.4.3 | ||
| Hardware: | x86_64 | ||
| OS: | Other | ||
| Whiteboard: | |||
| Fixed In Version: | ACM 2.4.3 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-03 16:44:03 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
we will fix this issue in 2.4.3. @hhemied can you verify this bug with our ACM 2.4.3? @hhemied can you please provide more background info? 1. is this a customer use case? 2. can you provide more detailed info/doc/step about how did you create openshift custom API certificate in the type opaque @hhemied can you please provide more background info? 1. is this a customer use case? 2. can you provide more detailed info/doc/step about how did you create openshift custom API certificate in the type opaque The ACM version: 2.4.3 I can confirm that I could import a cluster with apiserever certificate with the type: Opaque @txue this bug can be closed as resolved close as per reporter's comment. @hhemied If you can provide the steps to create "apiserever certificate with the type: Opaque" that will help us to reproduce this for our regression test. I can only find the redhat document that uses tls secret(https://docs.openshift.com/container-platform/4.8/security/certificates/api-server.html) This was created by some partner a long time ago for multiple clusters using ansible. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Advanced Cluster Management 2.4.4 security updates and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:1681 |
Description of the problem: I installed ACM 2.4 on openshift 4.824 cluster, the issue appeared when importing the local-cluster, I see the following error in the managedcluster-import-controller-v2 pod ``` /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3-0.20210709165254-650ea59f19cc/pkg/internal/controller/controller.go:214 2022-02-24T16:16:35.468Z INFO importconfig-controller Reconciling managed cluster import secret {"Request.Name": "local-cluster"} 2022-02-24T16:16:35.502Z ERROR controller-runtime.manager.controller.importconfig-controller Reconciler error {"name": "local-cluster", "namespace": "", "error": "secret openshift-config/cbk-api-certificate-ocpazrs01 should have type=kubernetes.io/tls"} ``` Release version: ACM 2.4 Operator snapshot version: OCP version: OCP 4.8.24 Browser Info: Steps to reproduce: 1. create openshift custom API certificate in the type opaque 2. install ACM 2.4 3. wait until importing the local-cluster and check the controller-import pod logs Actual results: Can't import the local-cluster or anyone with the type opaque certificate for the cluster API. Expected results: import the cluster with whatever kind of secret type for the certificate. Additional info: