Description of problem:
When installing the custom wildcard certificate for the router by following the documentation, the rolling deployment of the router is failing, giving the error "failed to mount" for metrics-server-certificate, where metrics is not installed in the environment. The deploy_router.yml and redeploy-certificates.yml playbooks are completed without any failure.
- https://docs.openshift.com/container-platform/3.10/install_config/certificate_customization.html#configuring-custom-certificates-wildcard

Version-Release number of selected component (if applicable):
OCP 3.10

How reproducible:
It was also observed in 3.10 and 3.11 clusters.

Expected results:
In the OCP environment without metrics, the router deployment should be successful.

Additional information:
The errors from the events are as below:
1: "Failed mount" with the message "MountVolume.SetUp failed for volume "metrics-server-certificate" : secrets "router-metrics-tls" not found".
2: "Failed mount" with the message "Unable to mount volumes for pod "router-XX-XXX_default(XXX)": timeout expired waiting for volumes to attach or mount for pod "default"/"router-XX-XXX". list of unmounted volumes=[metrics-server-certificate]. list of unattached volumes=[metrics-server-certificate server-certificate router-token-XXX]"

After deletion of the secret and the two variables, i.e. ROUTER_METRICS_TLS_CERT_FILE and ROUTER_METRICS_TLS_KEY_FILE, the wildcard certificate on our routes can be used.

Looks like a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1635613, which has a fix in-flight. Let me know if you disagree.

*** This bug has been marked as a duplicate of bug 1635613 ***
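
Added example, not part of the original report or of OpenShift's own code: a Python check for the failure described in the report, where a pod template mounts a secret volume whose secret does not exist, and which also lists the environment variables that point into that volume. The sample DeploymentConfig is constructed; the secret name `router-certs-example` and the mount paths are assumptions, while the volume, secret and variable names are those quoted in the report.

```python
import json

# Constructed sample: a trimmed router DeploymentConfig in the shape that
# `oc get dc router -o json` returns. Volume, secret and variable names come
# from the report; "router-certs-example" and the mount paths are made up.
SAMPLE_DC = json.loads("""
{"spec": {"template": {"spec": {
  "volumes": [
    {"name": "server-certificate", "secret": {"secretName": "router-certs-example"}},
    {"name": "metrics-server-certificate", "secret": {"secretName": "router-metrics-tls"}}
  ],
  "containers": [{"name": "router",
    "env": [
      {"name": "ROUTER_METRICS_TLS_CERT_FILE", "value": "/example/metrics-certs/tls.crt"},
      {"name": "ROUTER_METRICS_TLS_KEY_FILE", "value": "/example/metrics-certs/tls.key"}
    ],
    "volumeMounts": [
      {"name": "server-certificate", "mountPath": "/example/certs"},
      {"name": "metrics-server-certificate", "mountPath": "/example/metrics-certs"}
    ]}]
}}}}
""")

def find_dangling_secret_volumes(dc, existing_secrets):
    """Return one finding per secret volume whose secret does not exist."""
    pod = dc["spec"]["template"]["spec"]
    findings = []
    for vol in pod.get("volumes", []):
        secret = vol.get("secret")
        if not secret or secret.get("optional"):
            continue  # not a secret volume, or its absence is tolerated
        if secret["secretName"] in existing_secrets:
            continue
        # Collect env vars whose value points into this volume's mount path.
        env_refs = []
        for c in pod.get("containers", []):
            paths = [m["mountPath"].rstrip("/") + "/" for m in c.get("volumeMounts", [])
                     if m["name"] == vol["name"]]
            env_refs += [e["name"] for e in c.get("env", [])
                         if any(e.get("value", "").startswith(p) for p in paths)]
        findings.append({"volume": vol["name"], "secret": secret["secretName"],
                         "env": sorted(env_refs)})
    return findings

if __name__ == "__main__":
    for f in find_dangling_secret_volumes(SAMPLE_DC, {"router-certs-example"}):
        print(f"volume {f['volume']}: secret {f['secret']} not found; env: {f['env']}")
```

In practice the set of existing secret names would be taken from the project the router runs in and the check run before rolling out the new deployment.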