Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1573827 - config-map is not getting updated with certs
Summary: config-map is not getting updated with certs
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Catalog
Version: 3.7.1
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 3.7.z
Assignee: Jay Boyd
QA Contact: sunzhaohua
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-05-02 10:36 UTC by Rutvik
Modified: 2021-06-10 16:02 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
If this bug requires documentation, please select an appropriate Doc Type value.
Clone Of:
Environment:
Last Closed: 2018-06-07 08:40:56 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 3439941 0 None None None 2018-05-10 17:17:52 UTC
Red Hat Product Errata RHBA-2018:1798 0 None None None 2018-06-07 08:41:31 UTC

Description Rutvik 2018-05-02 10:36:04 UTC
Description of problem:

As per recent errata[1], OCP is upgraded but while installing service catalog, the playbook is failing & throwing the errors:"Error: cluster doesn't provide requestheader-client-ca-file".

After checking with the config-map "extension-apiserver-authentication" present in kube-system namespace
only one cert is present there and others were not able to update. This is preventing installation of the service catalog.

[1]https://access.redhat.com/errata/RHBA-2018:0636

Comment 7 Jay Boyd 2018-05-09 16:59:02 UTC
I'm fixing this with https://github.com/openshift/openshift-ansible/pull/8311

Comment 8 Jay Boyd 2018-05-11 15:16:34 UTC
https://github.com/openshift/openshift-ansible/pull/8311 merged just now

Comment 12 sunzhaohua 2018-05-31 10:20:49 UTC
Verified

step:
1. install v3.6 with service catalog
2. upgrade to v3.7
3. oc describe cm -n kube-system

[root@qe-zhsun-36-gceeeemaster-etcd-1 ~]# oc describe cm -n kube-system
Name:		extension-apiserver-authentication
Namespace:	kube-system
Labels:		<none>
Annotations:	<none>

Data
====
client-ca-file:
----
-----BEGIN CERTIFICATE-----
MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
c2hpZnQtc2lnbmVyQDE1Mjc3NTk0NjIwHhcNMTgwNTMxMDkzNzQxWhcNMjMwNTMw
MDkzNzQyWjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1Mjc3NTk0NjIw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4HApGi88o0HrkHNOhgHsN
XjNQkEji9FMJFOHBecmcHhswdDEhSvKDgfmu6bicdswPXSv+Caa2TrwLKQdzBQK0
IX/bFhNrujAYyyMzQ7zweMgPP57hSHZVO7s6KcTxYqFwTUMV71sHK8zMPFVGFU/H
nV+dLfSYGgMdOE1IR0TZEUYEYVi/8TRgGeTdYVRaaDpsogvTSwixapSFGWCyhcJK
vFvIDj4v7hJ7iVbBIJM16VqvwACnSnY4VKByrjL348kjvxvDD1/Wh/6twCfMSgPW
XjWtP0NXTqr0Dy4pxVMCFfIIkNR0m3odNp1skGtELkqWW9tvE/PDk08iz86uYUbv
AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQCwDSTuxLD7OonwGsg2pxitAIW49cwbHvUhb/4np8xyrDY/
hvi5qxTXHQpWSh3pTm5r8+WVQ6ivBxCsfa7Nb1olRqQhVt9GvC5ht0xTsSWncTdv
AhYEnptcN7RzHDCuT49Msw/YO+qVyJ4hcZyv4S+XUV+Iybp+HCA4H7DVt7oC+KIT
V2gGpRwNtZulfCjFhIzFFWjUR49XC9l+oZw8eB/Bo6Zdrfxx8NjsiF9wXOIPnrIk
adL8xzUbgqq8JpXxufBdU0k1HYcGQBxj0uQjt/uQ38T9Hfm1D3pFZt6OVmYD+g8i
eDzbZYd5y62tW+kt0k8lWKMGg0lSIAYd5Th22SrI
-----END CERTIFICATE-----

requestheader-allowed-names:
----
["aggregator-front-proxy"]
requestheader-client-ca-file:
----
-----BEGIN CERTIFICATE-----
MIIC6jCCAdKgAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBtvcGVu
c2hpZnQtc2lnbmVyQDE1Mjc3NjAzODYwHhcNMTgwNTMxMDk1MzA1WhcNMjMwNTMw
MDk1MzA2WjAmMSQwIgYDVQQDDBtvcGVuc2hpZnQtc2lnbmVyQDE1Mjc3NjAzODYw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3CnPKN/+R3XQhhTcVeutq
zI6sApLmulO1hKk/UFKpKipNdXY3O2170aTufJKKmjbfvDs2iBp2Cnrwdh+8/dr9
YSIt2fdU+WLK4V5w6bjCatnaqjyiT06ySmlgTE7WETpaJXYLxE5md468AnB/9YDS
CN7zwiq6dw/ZLP2cAiTnoGSDK1lssQIR2Ceg6PKo3QOWGulCSWPw1RtbtEq1MOxj
RFIAbX3nMYTneDJhwl7+9UNelY0aOJugLlOrREkDT/6lLnUqv0OEjfX6DTtA6N8/
0rE9+VmBRxl8Oa4tw0tdPf4HxKH3Vzu6uFGA8p6//oGgu+fQA22vvUomJvA07bJv
AgMBAAGjIzAhMA4GA1UdDwEB/wQEAwICpDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBCwUAA4IBAQAKIx5yiL368ZmrFT030geP3DP4Jj51ue97Qxj3X9XXK11r
OXZmBIfj2PtnwnFjU0w9ryUkiob/bVDN3ZESmKDsAG1gef8VI2Ziqb2p7KMx1Qr3
MHZ1Qqrb+bGreoVqoO8L+nYoFkwVfDedpV1WLotfYCqKhFj+0/k3DnoT2p5ULpB2
GTyFxoKlPCBTKdbW0h/Kb5Q4A2nKISoD+mjeieAQS2Dsi2QkZlWrxu1wrFtZXeTu
hxMu1kGKYo7IMYSNmme2GY4kcR8JTfohueqk+jmo9lKX52ywfFJK8Ld/Kvsgf8Bm
OQaFAMeRtwslXfMJXlQbrmbFsbOpAw5gAwnHxVTt
-----END CERTIFICATE-----

requestheader-extra-headers-prefix:
----
["X-Remote-Extra-"]
requestheader-group-headers:
----
["X-Remote-Group"]
requestheader-username-headers:
----
["X-Remote-User"]


Name:		kube-controller-manager
Namespace:	kube-system
Labels:		<none>
Annotations:	control-plane.alpha.kubernetes.io/leader={"holderIdentity":"qe-zhsun-36-gceeeemaster-etcd-1","leaseDurationSeconds":15,"acquireTime":"2018-05-31T10:12:42Z","renewTime":"2018-05-31T10:16:17Z","leaderTr...

Data
====
Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  1h		1h		1	controller-manager			Normal		LeaderElection	qe-zhsun-36-gcemaster-etcd-1 became leader
  1h		1h		1	controller-manager			Normal		LeaderElection	qe-zhsun-36-gcemaster-etcd-1 became leader


Name:		kube-scheduler
Namespace:	kube-system
Labels:		<none>
Annotations:	control-plane.alpha.kubernetes.io/leader={"holderIdentity":"qe-zhsun-36-gcemaster-etcd-1","leaseDurationSeconds":15,"acquireTime":"2018-05-31T09:07:16Z","renewTime":"2018-05-31T10:15:45Z","leaderTrans...

Data
====
Events:
  FirstSeen	LastSeen	Count	From			SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----			-------------	--------	------		-------
  1h		1h		1	default-scheduler			Normal		LeaderElection	qe-zhsun-36-gcemaster-etcd-1 became leader
  1h		1h		1	default-scheduler			Normal		LeaderElection	qe-zhsun-36-gcemaster-etcd-1 became leader


Name:		openshift-master-controllers
Namespace:	kube-system
Labels:		<none>
Annotations:	control-plane.alpha.kubernetes.io/leader={"holderIdentity":"master-qe-zhsun-36-gcemaster-etcd-1-10.240.0.56-xxbfdthc","leaseDurationSeconds":15,"acquireTime":"2018-05-31T09:08:00Z","renewTime":"2018-0...

Data
====
Events:
  FirstSeen	LastSeen	Count	From				SubObjectPath	Type		Reason		Message
  ---------	--------	-----	----				-------------	--------	------		-------
  1h		1h		1	openshift-master-controllers			Normal		LeaderElection	master-qe-zhsun-36-gcemaster-etcd-1-10.240.0.56-wsb8bmmh became leader
  1h		1h		1	openshift-master-controllers			Normal		LeaderElection	master-qe-zhsun-36-gcemaster-etcd-1-10.240.0.56-xxbfdthc became leader

Comment 14 errata-xmlrpc 2018-06-07 08:40:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1798


Note You need to log in before you can comment on or make changes to this bug.