Bug 1659331 - [4.0]Couldn't find the default service cert secret in the pod from the Next-gen env
Summary: [4.0]Couldn't find the default service cert secret in the pod from the Next-g...
Status: CLOSED DUPLICATE of bug 1668825
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.1.0
Assignee: Matt Rogers
QA Contact: Chuan Yu
Depends On:
TreeView+ depends on / blocked
Reported: 2018-12-14 05:52 UTC by zhou ying
Modified: 2019-03-28 20:34 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-03-28 20:34:02 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description zhou ying 2018-12-14 05:52:08 UTC
Description of problem:
Create pod in the Next-gen env, check the default service cert, couldn't find the service-ca.crt in path: /var/run/secrets/kubernetes.io/serviceaccount/

Ansible-installed BRYO env doesn't have the issue.

Version-Release number of selected component (if applicable):
oc v4.0.0-0.82.0
kubernetes v1.11.0+6855010f70

How reproducible:

Steps to Reproduce:
1. Login the Next-gen env, create project;
2. Create pod, check the service cert

Actual results:
2. Couldn't find the service-ca.crt in path: /var/run/secrets/kubernetes.io/serviceaccount/
Without this cert, `curl https://hello.xxia-proj.svc:443` cannot be accessed within pod securely.

Expected results:
2. Should contain 'service-ca.crt' in the path /var/run/secrets/kubernetes.io/serviceaccount/.

Additional info:

Comment 3 Matt Rogers 2019-03-28 17:30:34 UTC
This was fixed by https://jira.coreos.com/browse/AUTH-131 where we added service-ca.crt back.

Comment 4 Matt Rogers 2019-03-28 20:34:02 UTC

*** This bug has been marked as a duplicate of bug 1668825 ***

Note You need to log in before you can comment on or make changes to this bug.