https://openshift-gce-devel.appspot.com/build/origin-ci-test/logs/release-openshift-origin-installer-e2e-aws-4.0/6733 https://www.dropbox.com/s/4smmx7wiyty2pjw/Screenshot%202019-04-15%2012.46.20.png?dl=0 ^ all of the "waterfall" flakes there show Unauthorized at least once Needs triage to a root cause, this is one of the "top failures" that impacts CI runs and general merge across the product.
*** Bug 1700052 has been marked as a duplicate of this bug. ***
We think that https://github.com/openshift/cluster-authentication-operator/pull/107 is the fix, so we are retesting and reviewing. Without this PR the cluster-authentication-operator can become Available even when the well-known endpoint check fails (we see "Progressing: got '404 Not Found' status while trying to GET the OAuth well-known https://172.30.0.1/.well-known/oauth-authorization-server endpoint data" before replicas come available), hence the tests failing on Unauthorized.
Verified. No such issue with nightly build now. $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.1.0-0.nightly-2019-04-18-210657 True False 170m Cluster version is 4.1.0-0.nightly-2019-04-18-210657
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758