Bug 1965853 - Ingress Certificate reverting back to Default [NEEDINFO]
Summary: Ingress Certificate reverting back to Default
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Red Hat Advanced Cluster Management for Kubernetes
Classification: Red Hat
Component: Core Services / Observability
Version: rhacm-2.2
Hardware: All
OS: All
unspecified
high
Target Milestone: ---
: rhacm-2.2.6
Assignee: Chunlin Yang
QA Contact: Xiang Yin
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-30 23:05 UTC by Ryan Spagnola
Modified: 2023-08-03 11:55 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-14 03:25:00 UTC
Target Upstream Version:
Embargoed:
cqu: qe_test_coverage-
ming: rhacm-2.2.z+
qhao: needinfo? (rspagnol)
twardzin: needinfo? (ming)


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github open-cluster-management backlog issues 12933 0 None None None 2021-05-31 18:25:01 UTC

Description Ryan Spagnola 2021-05-30 23:05:32 UTC
Description of the problem:
Customer configured ACM ingress certificates following the RedHat Documentation. However, The ingress deployment appears to revert back to the default self signed certificate randomly. 

oc get deployments -n open-cluster-management management-ingress-53a6c -o yaml

- command:
        - /management-ingress
        - --default-ssl-certificate=$(POD_NAMESPACE)/management-ingress-53a6c-tls-secret
        - --configmap=$(POD_NAMESPACE)/management-ingress-53a6c
        - --http-port=8080
        - --https-port=8443

https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/security/security#certificates

Release version:
2.2
Operator snapshot version:

OCP version:
4.6
Browser Info:

Steps to reproduce:
1. configure acm ingress certificate
2.
3.

Actual results:
Randomly resets to default self-signed cert
Expected results:
Configured cert stays intact
Additional info:

Comment 2 qhao 2021-05-31 03:18:52 UTC
Hi, @Ryan Spagnola,

Could you help check if secret byo-ingress-tls-secret still there when you observe "Ingress Certificate reverting back to Default" ? 
From the source code of management-ingress chart https://github.com/open-cluster-management/management-ingress-chart/blob/release-2.2/stable/management-ingress/templates/management-ingress-deployment.yaml#L179-L184 , the only reason I can guess is byo-ingress-tls-secret is removed by accident and then chart re-installed. 

If the above doesn't help. Could you provide more info about this issue, did the customer do anything after configuring byo cert? What does Randomly mean?

Comment 3 qhao 2021-05-31 03:23:51 UTC
@Ryan Spagnola,

Also, notice your ACM version is 2.2 while you are referring to a 2.0 doc. You may want to use 2.2 doc https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/security/security#certificates to have a try.

Comment 4 qhao 2021-06-15 04:44:19 UTC
@Ryan Spagnola, any update on this issue?

Comment 5 Todd Wardzinski 2021-06-29 13:40:44 UTC
I'm also having this issue @qhao @ming on rhacm-2.2.5 with current client.  I can provide more debugging if need be.

Comment 6 qhao 2021-06-30 01:52:29 UTC
twardzin , could you help check if the secret byo-ingress-tls-secret still there? and also the full output of `oc get deployments -n open-cluster-management management-ingress-xxx -o yaml` ?

Comment 7 Todd Wardzinski 2023-08-03 11:55:11 UTC
This was resolved from my side.  No more help required.


Note You need to log in before you can comment on or make changes to this bug.