Bug 1820486 - [oauth-openshift]fixes configmap "extension-apiserver-authentication" not found
Summary: [oauth-openshift]fixes configmap "extension-apiserver-authentication" not found
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 4.5.0
Assignee: Stefan Schimanski
QA Contact: scheng
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-04-03 08:13 UTC by Ke Wang
Modified: 2020-08-04 18:03 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1813964
Environment:
Last Closed: 2020-08-04 18:03:56 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift origin pull 24719 0 None closed Rebase 1.18.0 rc.1 2020-12-17 18:14:58 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-08-04 18:03:59 UTC

Description Ke Wang 2020-04-03 08:13:32 UTC 
+++ This bug was initially created as a clone of Bug #1813964 +++

+++ This bug was initially created as a clone of Bug #1812878 +++

4.5.0-0.nightly-2020-04-03-003232 oauth log also has same issue:

$ oc logs oauth-openshift-56d45f4dc6-gf8vb -n openshift-authentication | grep 'configmap "extension-apiserver-authentication" not found'

W0403 07:20:00.949247       1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" due to: configmap "extension-apiserver-authentication" not found
W0403 07:20:00.949762       1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file" due to: configmap "extension-apiserver-authentication" not found

Not a 4.5 blocker. But is an issue worth to address. To avoid similar problem just like https://bugzilla.redhat.com/show_bug.cgi?id=1813911
Comment 1 Ke Wang 2020-04-03 09:42:28 UTC 
To verified if the log occurred the pod starting up, tried the following,

$ oc delete pod oauth-openshift-56d45f4dc6-gf8vb -n openshift-authentication --force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "oauth-openshift-56d45f4dc6-gf8vb" force deleted

$ oc get pods -A | grep openshift-authentication
openshift-authentication-operator                  authentication-operator-8bdb6b997-r5vlp                              1/1     Running     0          143m
openshift-authentication                           oauth-openshift-56d45f4dc6-5j4k2                                     1/1     Running     0          35s
openshift-authentication                           oauth-openshift-56d45f4dc6-jzqhk                                     1/1     Running     0          142m

$ oc logs oauth-openshift-56d45f4dc6-5j4k2 -n openshift-authentication | grep 'configmap "extension-apiserver-authentication" not found'
W0403 09:38:58.937025       1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::client-ca-file" due to: configmap "extension-apiserver-authentication" not found
W0403 09:38:58.937638       1 configmap_cafile_content.go:102] unable to load initial CA bundle for: "client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file" due to: configmap "extension-apiserver-authentication" not found

We can see the above message will be printed at the pod startup.
Comment 2 Lukasz Szaszkiewicz 2020-04-14 09:18:45 UTC 
the fix was included in the latest rebase (upstream 1.18)
Comment 7 errata-xmlrpc 2020-08-04 18:03:56 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5 image release advisory), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409
Note You need to log in before you can comment on or make changes to this bug.