Bug 1805182
| Summary: | openshift-apiserver degraded due to expired certificate errors | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Samuel Padgett <spadgett> | ||||
| Component: | openshift-apiserver | Assignee: | Lukasz Szaszkiewicz <lszaszki> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Xingxing Xia <xxia> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.4 | CC: | aos-bugs, juzhao, mfojtik, sttts | ||||
| Target Milestone: | --- | Keywords: | Regression | ||||
| Target Release: | 4.4.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | No Doc Update | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1809944 (view as bug list) | Environment: |
Version: 4.4.0-0.ci-2020-02-18-125517
Cluster ID: f838b3e0-b021-45ad-9081-c4939ef384cb
Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0
|
||||
| Last Closed: | 2020-05-13 21:59:36 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1809944 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
*** Bug 1807473 has been marked as a duplicate of this bug. *** Verified using steps of bug 1809944#c6 in 4.4.0-0.nightly-2020-03-08-235004 env. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581 |
Created attachment 1664358 [details] oc get clusteroperators output Several operators began reporting degraded (see attached list). The OAuth server showed this error during login: "The authorization server encountered an unexpected condition that prevented it from fulfilling the request." I see certificate errors in the logs. OAuth server had this in its logs: I0219 21:28:39.992996 1 log.go:172] http: TLS handshake error from 10.128.2.7:49138: remote error: tls: bad certificate E0219 21:28:40.073478 1 osinserver.go:91] internal error: the server is currently unable to handle the request (get oauthclients.oauth.openshift.io openshift-challenging-client) E0219 21:30:58.108101 1 osinserver.go:91] internal error: the server is currently unable to handle the request (get oauthclients.oauth.openshift.io console) OpenShift API server had this in its logs: E0219 21:29:18.738704 1 authentication.go:104] Unable to authenticate the request due to an error: x509: certificate has expired or is not yet valid