Description of problem: Encountering https://bugzilla.redhat.com/show_bug.cgi?id= 1766187 in 4.4. The problem has already been fixed in 4.3
Version-Release number of selected component (if applicable): 4.4
Steps to Reproduce:
1. Install ClusterLogging with 4.4 subscription channel. CSV is clusterlogging.4.4.0-202004261927. The cluster is using a custom CA bundle.
2. Create ClusterLogging resource
3. Try to login to Kibana using Oauth
HTTP error 500
Logs Kibana Oauth proxy:
2020/05/08 07:15:26 oauthproxy.go:645: error redeeming code (client:172.28.20.20:40992): Post https://oauth-openshift.apps.dx01.od.sdx.corp/oauth/token: x509: certificate signed by unknown authority
2020/05/08 07:15:26 oauthproxy.go:438: ErrorPage 500 Internal Error Internal Error
Login to Kibana succeeds.
Kibana CM trusted ca bundle is created
─➤ oc get cm kibana-trusted-ca-bundle
NAME DATA AGE
kibana-trusted-ca-bundle 1 2m58s
However it is not mounted in Kibana deployment.
- name: kibana
- name: kibana-proxy
- name: kibana-token-9pswp
Just another comment:
After reverting to the Subscription/CSV version 4.3 and reinstalling cluster logging, the ca bundle configmap is mounted to Kibana deployment and authentication works
*** Bug 1838770 has been marked as a duplicate of this bug. ***
Manually mounting the volume should just work as a workaround: https://access.redhat.com/solutions/5000761
verified on clusterlogging.4.4.0-202005301254
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.