Description of problem: Encountering https://bugzilla.redhat.com/show_bug.cgi?id= 1766187 in 4.4. The problem has already been fixed in 4.3 Version-Release number of selected component (if applicable): 4.4 Steps to Reproduce: 1. Install ClusterLogging with 4.4 subscription channel. CSV is clusterlogging.4.4.0-202004261927. The cluster is using a custom CA bundle. 2. Create ClusterLogging resource 3. Try to login to Kibana using Oauth Actual results: HTTP error 500 Logs Kibana Oauth proxy: 2020/05/08 07:15:26 oauthproxy.go:645: error redeeming code (client:172.28.20.20:40992): Post https://oauth-openshift.apps.dx01.od.sdx.corp/oauth/token: x509: certificate signed by unknown authority 2020/05/08 07:15:26 oauthproxy.go:438: ErrorPage 500 Internal Error Internal Error Expected results: Login to Kibana succeeds. Additional info: Kibana CM trusted ca bundle is created ─➤ oc get cm kibana-trusted-ca-bundle NAME DATA AGE kibana-trusted-ca-bundle 1 2m58s However it is not mounted in Kibana deployment. volumes: - name: kibana secret: secretName: kibana defaultMode: 420 - name: kibana-proxy secret: secretName: kibana-proxy defaultMode: 420 - name: kibana-token-9pswp secret: secretName: kibana-token-9pswp defaultMode: 420
Just another comment: After reverting to the Subscription/CSV version 4.3 and reinstalling cluster logging, the ca bundle configmap is mounted to Kibana deployment and authentication works
*** Bug 1838770 has been marked as a duplicate of this bug. ***
Manually mounting the volume should just work as a workaround: https://access.redhat.com/solutions/5000761
verified on clusterlogging.4.4.0-202005301254
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2445