Bug 1723445 - Web Console is Inaccessible After Configuring Default Ingress Certificate
Summary: Web Console is Inaccessible After Configuring Default Ingress Certificate
Keywords:
Status: CLOSED DUPLICATE of bug 1712525
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Samuel Padgett
QA Contact: Chuan Yu
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-06-24 14:22 UTC by rvanderp
Modified: 2019-06-25 12:56 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-25 12:56:40 UTC
Target Upstream Version:
Embargoed:



Description rvanderp 2019-06-24 14:22:50 UTC
Description of problem:
Customer is attempting to configure default ingress certificate.  After setting the default ingress certificate with the instructions provided in the docs, the web console becomes inaccessible.

Link to docs --> https://docs.openshift.com/container-platform/4.1/authentication/certificates/replacing-default-ingress-certificate.html#replacing-default-ingress_replacing-default-ingress

Version-Release number of selected component (if applicable):

How reproducible:
The customer can consistently reproduce and I can reproduce with my test cluster.

Steps to Reproduce:
1. Replace the default ingress certificate with a cert not signed by the cluster
2. Delete console pods
3. The web console is inaccessible

Actual results:
Console is inaccessible

Expected results:
Console should be accessible after configuring default ingress certificate

Additional info:

It appears that the console is using the serviceaccount CA certificate to authenticate the certificate presented by the oauth-openshift endpoint,

Below is an excerpt from the console pod logs:

2019/06/24 14:06:06 cmd/main: cookies are secure!
2019/06/24 14:06:06 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:16 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:26 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:36 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:46 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:06:56 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:07:06 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority
2019/06/24 14:07:16 auth: error contacting auth provider (retrying in 10s): request to OAuth issuer endpoint https://oauth-openshift.apps..redacted/oauth/token failed: Head https://oauth-openshift.apps..redacted: x509: certificate signed by unknown authority

Comment 1 Ryan Howe 2019-06-24 17:48:48 UTC
This is a bug with the router where passthrough routes are terminating at the router.

Comment 5 Samuel Padgett 2019-06-25 12:56:40 UTC

*** This bug has been marked as a duplicate of bug 1712525 ***

