Backport the fix to 3.3 image, we have customers who run 3.3 and hitting this issue.
*** Bug 1448999 has been marked as a duplicate of this bug. ***
Verify step is the same as https://bugzilla.redhat.com/show_bug.cgi?id=1447463#c64 Verification steps: 1. Add the example certificate before and after /etc/origin/master/ca-bundle.crt. 2. Restart server and deploy metrics 3.3.1 by using images from brew registry. 3. oc rsh ${HAWKULAR_METRICS_PODS}; cat /var/run/secrets/kubernetes.io/serviceaccount/ca.crt /var/run/secrets/kubernetes.io/serviceaccount/ca.crt is the same with /etc/origin/master/ca-bundle.crt. 4. Login web console, metrics can be viewed, see the attached web UI snapshot Testing env: # openshift version openshift v3.3.1.46.2 kubernetes v1.3.0+52492b4 etcd 2.3.0+git Imags from brew registry, metrics-hawkular-metrics latest image is 3.3.1-19 now metrics-hawkular-metrics 3.3.1 dbe8059ce797 3 days ago 1.773 GB metrics-hawkular-metrics 3.3.1-19 dbe8059ce797 3 days ago 1.773 GB metrics-deployer 3.3.1 63b8bb3b83a8 4 days ago 757.8 MB metrics-cassandra 3.3.1 08450ccd6ce6 3 weeks ago 536.3 MB metrics-heapster 3.3.1 823e44a1ec44 3 weeks ago 278 MB
Created attachment 1295664 [details] metrics diagram could be viewed form web console
Verification steps are the same as Comment 6. Login web console, metrics can be viewed, Hawkular Metrics can handle connecting to the Kubernetes Master when the ca.crt contains multiple certificates now. Testing env: # openshift version openshift v3.3.1.46.6 kubernetes v1.3.0+52492b4 etcd 2.3.0+git Images from brew registry metrics-hawkular-metrics 3.3.1-22 21325bd35afb 8 hours ago 1.773 GB metrics-cassandra 3.3.1-21 418c270b2efe 8 hours ago 735.4 MB metrics-heapster 3.3.1-21 affd2b1c0b41 8 hours ago 278 MB metrics-deployer v3.3.1.46.6-2 270022b5670c 8 hours ago 757.9 MB
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1828