Description of problem:
For greater context.
The bug as it manifests involves the following behavior:
1. Oftentimes, on our s390x installs we see an installation fail because oauth and console don't come up properly. (Console is dependent on oauth, so this is expected.)
2. Upon inspection, we can see that `v4-0-config-system-router-certs` is missing from the openshift-authentication namespace.
3. Looking at the starter.go code, it appears that this is supposed to be synced from openshift-config-managed <https://github.com/openshift/cluster-authentication-operator/blob/ee0dce672a145d198e4704f385a8afc976d22420/pkg/operator/starter.go#L206-L208>
4. Upon inspection of that namespace, the certs *are* present there, but the continuous syncing doesn't appear to be working properly.
According to Maru from the auth team, it appears that a scale-down->0->scale-up->1 of openshift-authentication-operator resolves the issue.
That the operator comes up healthy as soon as the secret becomes available from ingress.
Must-Gather Logs - https://drive.google.com/file/d/1G_8CCMqXTzEdj1mkHqmtEfXgmP1dH1qP/view?usp=sharing
should be fixed by https://github.com/openshift/cluster-authentication-operator/pull/346
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.