Hide Forgot
Description of problem: defaultCertificateSecret is gone in clusteringress after change it to other value then change back to default Version-Release number of selected component (if applicable): 4.0.0-0.nightly-2019-02-17-024922 How reproducible: always Steps to Reproduce: 1. check the default clusteringress. $oc get clusteringress default -o yaml -n openshift-ingress-operator 2. create a secret "mynew" in openshift-ingress namespace $oc create secret tls mynew --cert=server.cert --key=server.key -n openshift-ingress 3. edit clusteringress and change defaultCertificateSecret to "mynew", and ensure it works well. 4. edit clusteringress and change defaultCertificateSecret to default "null". 5. check the clusteringress again. $oc get clusteringress default -o yaml -n openshift-ingress-operator Actual results: In step1 it shows "defaultCertificateSecret: null", but in step5, the defaultCertificateSecret is gone. Expected results: defaultCertificateSecret should be existed in clusteringress after change it back to default value. Additional info:
I could not reproduce the reported issue: % oc -n openshift-ingress-operator get ingresscontrollers/default -o yaml apiVersion: operator.openshift.io/v1 kind: IngressController metadata: creationTimestamp: 2019-03-12T04:18:33Z finalizers: - ingress.openshift.io/ingress-controller generation: 3 name: default namespace: openshift-ingress-operator resourceVersion: "22766" selfLink: /apis/operator.openshift.io/v1/namespaces/openshift-ingress-operator/ingresscontrollers/default uid: e62ead31-447d-11e9-9dbb-0a80bd621726 spec: nodePlacement: nodeSelector: matchLabels: node-role.kubernetes.io/worker: "" status: availableReplicas: 2 domain: apps.mmasters.devcluster.openshift.com endpointPublishingStrategy: type: LoadBalancerService selector: app=router,router=router-default % oc create secret tls mynew --cert=/home/mmasters/src/httpclient/test/server.cert --key=/home/mmasters/src/httpclient/test/server.key -n openshift-ingress secret/mynew created % oc -n openshift-ingress-operator patch ingresscontrollers/default --type=merge --patch='{"spec":{"defaultCertificate":{"name":"mynew"}}}' ingresscontroller.operator.openshift.io/default patched % oc -n openshift-ingress-operator get ingresscontrollers/default -o yaml apiVersion: operator.openshift.io/v1 kind: IngressController metadata: creationTimestamp: 2019-03-12T04:18:33Z finalizers: - ingress.openshift.io/ingress-controller generation: 4 name: default namespace: openshift-ingress-operator resourceVersion: "23948" selfLink: /apis/operator.openshift.io/v1/namespaces/openshift-ingress-operator/ingresscontrollers/default uid: e62ead31-447d-11e9-9dbb-0a80bd621726 spec: defaultCertificate: name: mynew nodePlacement: nodeSelector: matchLabels: node-role.kubernetes.io/worker: "" status: availableReplicas: 2 domain: apps.mmasters.devcluster.openshift.com endpointPublishingStrategy: type: LoadBalancerService selector: app=router,router=router-default % oc -n openshift-ingress-operator patch ingresscontrollers/default --type=merge --patch='{"spec":{"defaultCertificate":null}}' ingresscontroller.operator.openshift.io/default patched % oc -n openshift-ingress-operator get ingresscontrollers/default -o yaml apiVersion: operator.openshift.io/v1 kind: IngressController metadata: creationTimestamp: 2019-03-12T04:18:33Z finalizers: - ingress.openshift.io/ingress-controller generation: 5 name: default namespace: openshift-ingress-operator resourceVersion: "24120" selfLink: /apis/operator.openshift.io/v1/namespaces/openshift-ingress-operator/ingresscontrollers/default uid: e62ead31-447d-11e9-9dbb-0a80bd621726 spec: nodePlacement: nodeSelector: matchLabels: node-role.kubernetes.io/worker: "" status: availableReplicas: 2 domain: apps.mmasters.devcluster.openshift.com endpointPublishingStrategy: type: LoadBalancerService selector: app=router,router=router-default % Note that the API has changed some since this report was opened. In particular, the "ClusterIngress" resource was renamed to "IngressController", its .spec.defaultCertificateSecret field was renamed to .spec.defaultCertificate, and this field's type was changed from a string pointer to a local object reference pointer. However, even taking those API changes into account, the reported behavior is weird—I see no reason why you would ever see an explicit "null" value in the yaml output for that field. Can you try to reproduce the problem again? If you still see it, can you include the full output of the `oc get` commands?
Thank you for your update, Miciah. Since the latest nightly build QE can installed successfully is 4.0.0-0.nightly-2019-03-06-074438, and it is still using "ClusterIngress" resource, so I will check this later with latest build and let you know the result. $ oc -n openshift-ingress-operator get ingresscontrollers error: the server doesn't have a resource type "ingresscontrollers" $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.0.0-0.nightly-2019-03-06-074438 True False 22h Cluster version is 4.0.0-0.nightly-2019-03-06-074438
verified with 4.0.0-0.nightly-2019-03-13-233958 and fixed
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758