Hide Forgot
Workloads in 3.x relied upon the service-ca.crt being present to validate serving certificates. That file isn't present in 4.0 clusters and the new mechanism of configmap injection cannot be used on 3.x. In order to run 3.x workloads on the 4.0 cluster, the serviceaccounttoken/service-ca.crt needs to be present.
I believe this must be fixed to ship 4.0
Verified. $ oc get secret -n default default-token-7gwqs -o json | jq '.data' .... "service-ca.crt": "LS0tLS1CRUdJTiBD....... .... $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-03-13-233958 True False 35m Cluster version is 4.0.0-0.nightly-2019-03-13-233958
*** Bug 1659331 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758