+++ This bug was initially created as a clone of Bug #1781763 +++
+++ This bug was initially created as a clone of Bug #1765280 +++
Description of problem:
The authentication operator will sometimes report the following degraded condition:
RouteHealthDegraded: failed to GET route: dial tcp <ip>:443: connect: connection refused
Observed on the following platforms in CI over the past 14 days: gcp
The nature of the error (which looks like an external IP) and the fact that it has only been observed on GCP seem like clues.
In 4.2.13 -> 4.3.0-rc.0 CI today (also on GCP) :
"message": "Cluster operator authentication is still updating"
"message": "Unable to apply 4.3.0-rc.0: the cluster operator authentication has not yet successfully rolled out"
- lastTransitionTime: "2020-01-13T13:33:02Z"
message: 'RouteHealthDegraded: failed to GET route: dial tcp 184.108.40.206:443:
connect: connection refused'
And at that time the network operator is still running :
- name: operator
so I guess this still needs to be cloned back to 4.2.z.
Oh, original comment is missing:
*** Bug 1789583 has been marked as a duplicate of this bug. ***
No authentication failure found when deploy GCP with 4.4.0-0.nightly-2019-12-13-170401
[root@dhcp-41-193 FILE]# oc get nodes
NAME STATUS ROLES AGE VERSION
qe-wel-m8szx-m-0.c.openshift-qe.internal Ready master 25m v1.14.6+c383847f6
qe-wel-m8szx-m-1.c.openshift-qe.internal Ready master 25m v1.14.6+c383847f6
qe-wel-m8szx-m-2.c.openshift-qe.internal Ready master 25m v1.14.6+c383847f6
qe-wel-m8szx-w-a-kljqn.c.openshift-qe.internal Ready worker 14m v1.14.6+c383847f6
qe-wel-m8szx-w-b-cprzx.c.openshift-qe.internal Ready worker 14m v1.14.6+c383847f6
[root@dhcp-41-193 FILE]# oc get clusteroperator | grep authentication
authentication 4.2.0-0.nightly-2020-01-22-023656 True False False 8m23s
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
Removing UpgradeBlocker from this older bug, to remove it from the suspect queue described in . If you feel like this bug still needs to be a suspect, please add keyword again.