Created attachment 1507388 [details] 40 console redirect loop Description of problem: Try to access the web console after all launched, but got redirect loop. Version-Release number of the following components: oc v4.0.0-0.43.0 kubernetes v1.11.0+d4cacc0 features: Basic-Auth GSSAPI Kerberos SPNEGO Server https://ocp-api.tt.testing:6443 kubernetes v1.11.0+d4cacc0 $ bin/openshift-install version bin/openshift-install v0.3.0-250-g30bb25ac57d7c7d3dae519186cbfca9af8aeaca2 Terraform v0.11.8 Your version of Terraform is out of date! The latest version is 0.11.10. You can update by downloading from www.terraform.io/downloads.html How reproducible: Always Steps to Reproduce: 1. Setup 40 cluster with libvirt provider with openshift-install 2. After all things launched, make router pod in openshift-ingress expose 80 & 443 port for routes 3. make dns entry in /etc/hosts for console route oc get routes -n openshift-console echo "worker_ip console-openshift-console.router.default.svc.cluster.local" >> /etc/hosts 4. try to access web console Actual results: 4. got redirect loop console logs: Navigated to https://console-openshift-console.router.default.svc.cluster.local/auth/login Error logging out TypeError: "NetworkError when attempting to fetch resource." main-chunk-0432bfc802ed74d1be3a.min.js:1:19214 Expected results: 4. web console should work well Additional info:
This can also be reproduced on Aws provider, so remove the libvirt in title.
Created attachment 1507913 [details] redirect_loop_aws_40_console
It's probably not worth trying to test the console until [1] gets closed. [1]: https://github.com/openshift/installer/issues/411
Ben, Now console testing on both AWS and Libvirt is blocked by this bug, is there any other workaround?
The old console is going away, it wont exist in 4.0 installs. The new console can be tested, pending this next PR: https://github.com/openshift/console-operator/pull/70
Should be blocked with https://bugzilla.redhat.com/show_bug.cgi?id=1653228
This is not an installer issue. This will be fixed by the ingress operator, which is maintained by the network edge team.
I feel this bug belongs to Auth because it appears the console's Route now has the correct host name and that name seems to properly resolve through external DNS.
Can you confirm that this is no longer an issue? I'd like to close this out as the original issue reported has been resolved.
Checked with aws provider, and kubeadmin work well.
This should have been closed due to errata shipping. Closing now.