After running redeploy-certificates.yml playbook in OCP 3.9, prometheus works well except all routes meet 503 (Service Unavailable) error # oc -n openshift-metrics get pod NAME READY STATUS RESTARTS AGE prometheus-0 6/6 Running 6 2h prometheus-node-exporter-pff22 1/1 Running 1 2h prometheus-node-exporter-stg8f 1/1 Running 2 2h # oc -n openshift-metrics get route NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD alertmanager alertmanager-openshift-metrics.apps.0301-xvz.qe.rhcloud.com alertmanager <all> reencrypt None alerts alerts-openshift-metrics.apps.0301-xvz.qe.rhcloud.com alerts <all> reencrypt None prometheus prometheus-openshift-metrics.apps.0301-xvz.qe.rhcloud.com prometheus <all> reencrypt None Change TERMINATION from reencrypt to passthrough can login all routes images oauth-proxy-v3.9.70-1 prometheus-v3.9.70-1 prometheus-alert-buffer-v3.9.70-1 prometheus-alertmanager-v3.9.70-1 prometheus-node-exporter-v3.9.71-1 openshift-ansible version: v3.9.70
Created attachment 1539749 [details] 503 error for prometheus route
Tested with prometheus v3.9.71 and openshift-ansible v3.9.71, still can not login all routes alerts-proxy/alert-buffer/prom-proxy container reports error 2019/03/04 03:12:40 server.go:2753: http: TLS handshake error from 10.129.0.1:35806: remote error: tls: unknown certificate authority
Created attachment 1540442 [details] pods logs
OCP 3.6-3.10 is no longer on full support [1]. Marking CLOSED DEFERRED. If you have a customer case with a support exception or have reproduced on 3.11+, please reopen and include those details. When reopening, please set the Target Release to the appropriate version where needed. [1]: https://access.redhat.com/support/policy/updates/openshift