Bug 1736286 - error dialing backend: remote error: tls: internal error
Summary: error dialing backend: remote error: tls: internal error
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.1.z
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Seth Jennings
QA Contact: Sunil Choudhary
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-01 16:41 UTC by Nicholas Nachefski
Modified: 2019-08-09 17:53 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-01 17:11:35 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Nicholas Nachefski 2019-08-01 16:41:19 UTC 
Error when attempting to 'rsh' to a running container (either via 'oc' or web UI)

# oc get pods
pydemo-4-2nb5f       1/1     Running     0          21h

# oc rsh pydemo-4-2nb5f
Error from server: error dialing backend: remote error: tls: internal error


The container is running properly and serving my content, however, any remote connection attempt to it fails.
Comment 1 Seth Jennings 2019-08-01 17:03:45 UTC 
Very little information here but, most likely, the kubelet serving CSRs are not being approved.

`oc get csr` and you'll likely see some in Pending.  Those need to be approved with `oc adm certificate approve` in a UPI installation. 

For IPI installs, the machine-approver does this automatically.
Comment 2 Nicholas Nachefski 2019-08-01 17:11:35 UTC 
Thanks was it.   Thanks Seth!

for i in `oc get csr |grep Pending |awk '{print $1}'`; do oc adm certificate approve $i; done

'oc rsh' working fine now.
Comment 3 Steven Walter 2019-08-09 17:53:14 UTC 
Note: this is currently covered in knowledgebase solution: https://access.redhat.com/solutions/4307511
Note You need to log in before you can comment on or make changes to this bug.