1877960 – [release-4.5] Empty router-certs secret results in log spam

Bug 1877960 - [release-4.5] Empty router-certs secret results in log spam

Summary: [release-4.5] Empty router-certs secret results in log spam

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	apiserver-auth
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	4.5.z
Assignee:	Maru Newby
QA Contact:	pmali
Docs Contact:
URL:
Whiteboard:
Depends On:	1877952
Blocks:
TreeView+	depends on / blocked

Reported:	2020-09-10 21:05 UTC by Maru Newby
Modified:	2020-09-30 14:07 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:	1877952
Environment:
Last Closed:	2020-09-30 14:07:01 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-authentication-operator pull 342	0	None	closed	Bug 1877960: [release-4.5] router-secrets: set named certificates to empty array instead of nil when none found	2021-02-04 14:21:18 UTC
Red Hat Product Errata	RHBA-2020:3760	0	None	None	None	2020-09-30 14:07:29 UTC

Description Maru Newby 2020-09-10 21:05:48 UTC

+++ This bug was initially created as a clone of Bug #1877952 +++

If openshift-config-managed/router-certs secret does not contain any certs, the auth operator logs will be filled with the following errors:

E0909 19:49:58.876033       1 base_controller.go:180] "ConfigObserver" controller failed to sync "key", err: .servingInfo.namedCertificates accessor error: <nil> is of the type <nil>, expected []interface{}

While an empty router-certs secret is an anomalous condition, this error being logged by the auth operator complicates someone trying to troubleshoot the issue, as per [1].

1: https://bugzilla.redhat.com/show_bug.cgi?id=1876919

--- Additional comment from Maru Newby on 2020-09-10 21:04:14 UTC ---

QA: The fix has already merged (back in June). One possible strategy to verify is to disable the ingress operator and manually remove the data from the openshift-config-managed/router-certs secret and ensure that the mentioned error message does not appear in the logs.

Once you're comfortable marking this bz as verified I will be able to merge the 4.5 backport.

Comment 8 errata-xmlrpc 2020-09-30 14:07:01 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.13 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3760

Note You need to log in before you can comment on or make changes to this bug.