OCP cluster version:
Run playbook: ansible-playbook -i /path/to/inventory /usr/share/ansible/openshift-ansible/playbooks/openshift-master/redeploy-certificates.yml
After finished, web console can be accessed, secret webconsole-serving-cert and web console pod are newly created.
Check admin console project, no new pod/secret are created. Try to login to console, it could be accessed at first, but after a while, it failed to open console url.
The console pod log shows failed info, pls refer to attachment.
Created attachment 1541801 [details]
Created attachment 1541802 [details]
Right, admin console certs are not being redeployed.
Created https://github.com/openshift/openshift-ansible/pull/11341 to fix this
Fix is available in openshift-ansible-3.11.95-1
ocp cluster version: openshift v3.11.97
Run below playbooks separately:
ansible-playbook -i /path/to/inventory /usr/share/ansible/openshift-ansible/playbooks/openshift-master/redeploy-certificates.yml
ansible-playbook -i /path/to/inventory /usr/share/ansible/openshift-ansible/playbooks/redeploy-certificates.yml
After finished, web console can be accessed, secret webconsole-serving-cert and web console pod are newly created. And console can be accessed, secret console-serving-cert and console pod are newly created.
The bug is fixed, so move it to Verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.