Description of problem: I installed the latest Openshift 4.3 version, and I used a custom ingress cert following the documentation here [1]. The proxy sidecar from the console-cr-form appear to not be receiving the custom trust bundle. This issue looks to be very similar to what we saw here [2] [1] https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html [2] https://bugzilla.redhat.com/show_bug.cgi?id=1766181 Version-Release number of selected component (if applicable): OCP4.3 Business Automation Operator is 1.3.0 How reproducible: 100% of time when using a custom ingress certificate Steps to Reproduce: 1. Follow steps here to replace the default ingress certificate: https://docs.openshift.com/container-platform/4.3/authentication/certificates/replacing-default-ingress-certificate.html 2. Try to authenticate to https://console-cr-form-newcastle-devel.apps.paas.dev.psi.redhat.com Actual results: Browser error "500 Internal Error" # oauth-proxy container error oc logs console-cr-form -c oauth-proxy ... 2020/02/10 15:19:28 oauthproxy.go:649: error redeeming code (client:172.129.4.1:40568): Post https://oauth-openshift.apps.ocp.prod.psi.redhat.com/oauth/token: x509: certificate signed by unknown authority 2020/02/10 15:19:28 oauthproxy.go:439: ErrorPage 500 Internal Error Internal Error Expected results: No 500 error after login # oauth-proxy container success example oc logs console-cr-form -c oauth-proxy ... 2020/02/11 21:53:42 oauthproxy.go:679: 10.131.0.1:51390 authentication complete Session{kube:admin token:true} Additional info:
Moving to https://issues.redhat.com/browse/RHPAM-2750