+++ This bug was initially created as a clone of Bug #1809665 +++ The router, console, and oauth endpoints should all gracefully terminate when their pods are marked deleted without dropping traffic. Console and oauth can have simple "wait before shutdown" logic because they do not execute long running transactions. The router needs to wait longer (it is a service load balancer) and then instruct HAProxy to gracefully terminate, then wait up to a limit, and then shut down. In combination these fixes will ensure end users see no disruption of the control plane or web console, or their frontend web applications, during upgrade.
as observed in https://testgrid.k8s.io/redhat-openshift-ocp-release-4.5-informing#release-openshift-origin-installer-e2e-aws-upgrade-rollback-4.5&sort-by-flakiness=, this was fixed by the patch merged on 2020-03-03, thus marking verified https://github.com/openshift/cluster-authentication-operator/pull/252
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409