Description of problem:
During rebase, we identified a test that was failing due to the defaulting logic for the jwks endpoint in kube-apiserver which tries to reach the IP of the KAS, yet this IP is not included in the default KAS serving certificate.
Wire the address of the LB instead to make this test work.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. run the `[sig-auth] ServiceAccounts should support OIDC discovery of service account issuer [Feature:ServiceAccountIssuerDiscovery] [Suite:openshift/conformance/parallel] [Suite:k8s]` test
the test fails
the test succeeds
we are disabling the test and it needs to be re-enabled when this BZ is fixed
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.