Bug 1427774 - Router default cert is not being propagated to the F5
Summary: Router default cert is not being propagated to the F5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Rajat Chopra
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks: 1428025
TreeView+ depends on / blocked
 
Reported: 2017-03-01 07:49 UTC by Alexander Koksharov
Modified: 2017-08-16 19:51 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: CLI help text was not clear about what worked on the F5 vs the haproxy routers Consequence: It was not obvious from the CLI what was supported on the F5 Fix: Update the CLI help text Result: More clear expectations
Clone Of:
: 1428025 (view as bug list)
Environment:
Last Closed: 2017-08-10 05:18:47 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 13820 0 None None None 2017-04-25 13:18:56 UTC
Red Hat Product Errata RHEA-2017:1716 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.6 RPM Release Advisory 2017-08-10 09:02:50 UTC

Description Alexander Koksharov 2017-03-01 07:49:18 UTC 
Description of problem:
were following "F5 native integration" and have noticed that router default certificate is not being propagated to the F5. We were using --default-certs option while deploying the f5-router but it did not change anything. We still getting some default certificate which is set on F5 and is for "localhost.local" domain. If we manually replace this cert on F5, we can access OCP services over secured routes.

Does f5-router pod configures default router certificate on F5? Are there prerequisites for this?

Version-Release number of selected component (if applicable):
3.4

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 5 Rajat Chopra 2017-04-07 23:04:26 UTC 
https://github.com/openshift/openshift-docs/pull/4090
Comment 7 Ben Bennett 2017-04-19 15:02:42 UTC 
Talked about this in standup and we are going to:
 - Clarify the command line args for F5 and haproxy in the docs (there's no current section)
 - In the CLI help we are going to add indications of which is for which router
Comment 8 Rajat Chopra 2017-04-19 18:51:38 UTC 
CLI PR: https://github.com/openshift/origin/pull/13820
Comment 10 Hongan Li 2017-05-31 03:03:28 UTC 
verified in atomic-openshift-3.6.86-1.git.0.3d5c716.el7.x86_64 and the cli help info has updated.
Comment 12 errata-xmlrpc 2017-08-10 05:18:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716
Note You need to log in before you can comment on or make changes to this bug.