Bug 1461635 - [3.3] Hawkular Metrics cannot handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates.
Summary: [3.3] Hawkular Metrics cannot handle connecting to the Kubernetes Master when...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Hawkular
Version: 3.3.1
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 3.3.1
Assignee: Matt Wringe
QA Contact: Junqi Zhao
URL:
Whiteboard:
: 1448999 (view as bug list)
Depends On: 1447463
Blocks: 1468308 1468309 1479930
TreeView+ depends on / blocked
 
Reported: 2017-06-15 03:02 UTC by Takayoshi Kimura
Modified: 2020-12-14 08:52 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Clone Of: 1447463
: 1468308 1479930 (view as bug list)
Environment:
Last Closed: 2017-08-31 17:00:23 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
metrics diagram could be viewed form web console (121.24 KB, image/png)
2017-07-10 01:31 UTC, Junqi Zhao
no flags Details


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:1828 0 normal SHIPPED_LIVE OpenShift Container Platform 3.5, 3.4, and 3.3 bug fix update 2017-08-31 20:59:56 UTC

Description Takayoshi Kimura 2017-06-15 03:02:51 UTC
Backport the fix to 3.3 image, we have customers who run 3.3 and hitting this issue.

Comment 4 Matt Wringe 2017-07-06 16:04:19 UTC
*** Bug 1448999 has been marked as a duplicate of this bug. ***

Comment 6 Junqi Zhao 2017-07-10 01:31:26 UTC
Verify step is the same as 
https://bugzilla.redhat.com/show_bug.cgi?id=1447463#c64

Verification steps:
1. Add the example certificate before and after /etc/origin/master/ca-bundle.crt.
2. Restart server and deploy metrics 3.3.1 by using images from brew registry.
3. oc rsh ${HAWKULAR_METRICS_PODS};
   cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt

/var/run/secrets/kubernetes.io/serviceaccount/ca.crt is the same with /etc/origin/master/ca-bundle.crt.

4. Login web console, metrics can  be viewed, see the attached web UI snapshot

Testing env:
# openshift version
openshift v3.3.1.46.2
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

Imags from brew registry, metrics-hawkular-metrics latest image is 3.3.1-19 now
metrics-hawkular-metrics   3.3.1               dbe8059ce797        3 days ago          1.773 GB
metrics-hawkular-metrics   3.3.1-19            dbe8059ce797        3 days ago          1.773 GB
metrics-deployer           3.3.1               63b8bb3b83a8        4 days ago          757.8 MB
metrics-cassandra          3.3.1               08450ccd6ce6        3 weeks ago         536.3 MB
metrics-heapster           3.3.1               823e44a1ec44        3 weeks ago         278 MB

Comment 7 Junqi Zhao 2017-07-10 01:31:51 UTC
Created attachment 1295664 [details]
metrics diagram could be viewed form web console

Comment 10 Junqi Zhao 2017-07-25 04:15:47 UTC
Verification steps are the same as Comment 6. Login web console, metrics can  be viewed, Hawkular Metrics can handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates now.

Testing env:
# openshift version
openshift v3.3.1.46.6
kubernetes v1.3.0+52492b4
etcd 2.3.0+git

Images from brew registry
metrics-hawkular-metrics   3.3.1-22            21325bd35afb        8 hours ago         1.773 GB
metrics-cassandra          3.3.1-21            418c270b2efe        8 hours ago         735.4 MB
metrics-heapster           3.3.1-21            affd2b1c0b41        8 hours ago         278 MB
metrics-deployer           v3.3.1.46.6-2       270022b5670c        8 hours ago         757.9 MB

Comment 12 errata-xmlrpc 2017-08-31 17:00:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:1828


Note You need to log in before you can comment on or make changes to this bug.