Bug 1965853 - Ingress Certificate reverting back to Default
Summary: Ingress Certificate reverting back to Default
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: Core Services / Observability
Version: rhacm-2.2
Hardware: All
OS: All
unspecified
high
Target Milestone: ---
: rhacm-2.2.6
Assignee: Chunlin Yang
QA Contact: Xiang Yin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-30 23:05 UTC by Ryan Spagnola
Modified: 2024-10-01 18:23 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-14 03:25:00 UTC
Target Upstream Version:
Embargoed:
cqu: qe_test_coverage-
ming: rhacm-2.2.z+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github open-cluster-management backlog issues 12933 0 None None None 2021-05-31 18:25:01 UTC

Description Ryan Spagnola 2021-05-30 23:05:32 UTC 
Description of the problem:
Customer configured ACM ingress certificates following the RedHat Documentation. However, The ingress deployment appears to revert back to the default self signed certificate randomly. 

oc get deployments -n open-cluster-management management-ingress-53a6c -o yaml

- command:
        - /management-ingress
        - --default-ssl-certificate=$(POD_NAMESPACE)/management-ingress-53a6c-tls-secret
        - --configmap=$(POD_NAMESPACE)/management-ingress-53a6c
        - --http-port=8080
        - --https-port=8443

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/security/security#certificates

Release version:
2.2
Operator snapshot version:

OCP version:
4.6
Browser Info:

Steps to reproduce:
1. configure acm ingress certificate
2.
3.

Actual results:
Randomly resets to default self-signed cert
Expected results:
Configured cert stays intact
Additional info:
Comment 2 qhao 2021-05-31 03:18:52 UTC 
Hi, @Ryan Spagnola,

Could you help check if secret byo-ingress-tls-secret still there when you observe "Ingress Certificate reverting back to Default" ? 
From the source code of management-ingress chart https://github.com/open-cluster-management/management-ingress-chart/blob/release-2.2/stable/management-ingress/templates/management-ingress-deployment.yaml#L179-L184 , the only reason I can guess is byo-ingress-tls-secret is removed by accident and then chart re-installed. 

If the above doesn't help. Could you provide more info about this issue, did the customer do anything after configuring byo cert? What does Randomly mean?
Comment 3 qhao 2021-05-31 03:23:51 UTC 
@Ryan Spagnola,

Also, notice your ACM version is 2.2 while you are referring to a 2.0 doc. You may want to use 2.2 doc https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/security/security#certificates to have a try.
Comment 4 qhao 2021-06-15 04:44:19 UTC 
@Ryan Spagnola, any update on this issue?
Comment 5 Todd Wardzinski 2021-06-29 13:40:44 UTC 
I'm also having this issue @qhao @ming on rhacm-2.2.5 with current client.  I can provide more debugging if need be.
Comment 6 qhao 2021-06-30 01:52:29 UTC 
twardzin , could you help check if the secret byo-ingress-tls-secret still there? and also the full output of `oc get deployments -n open-cluster-management management-ingress-xxx -o yaml` ?
Comment 7 Todd Wardzinski 2023-08-03 11:55:11 UTC 
This was resolved from my side.  No more help required.
Comment 8 Red Hat Bugzilla 2023-12-02 04:25:16 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
Note You need to log in before you can comment on or make changes to this bug.