2008414 – authentication errors with "square/go-jose: error in cryptographic primitive" are observed in the CI

Bug 2008414 - authentication errors with "square/go-jose: error in cryptographic primitive" are observed in the CI

Summary: authentication errors with "square/go-jose: error in cryptographic primitive"...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Etcd
Sub Component:
Version:	4.9
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	---
Target Release:	4.8.z
Assignee:	Sam Batschelet
QA Contact:	Sandeep
Docs Contact:
URL:
Whiteboard:	tag-ci LifecycleReset
Depends On:	1956879
Blocks:
TreeView+	depends on / blocked

Reported:	2021-09-28 07:56 UTC by Sergiusz Urbaniak
Modified:	2021-10-12 06:01 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1956879
Environment:
Last Closed:	2021-10-12 06:01:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift cluster-etcd-operator pull 665	0	None	open	[release-4.8] Bug 2008414: pkg/operator/metriccontroller: read etcd-operator SA token rather than using prometheus	2021-09-28 07:58:47 UTC
Red Hat Product Errata	RHBA-2021:3682	0	None	None	None	2021-10-12 06:01:42 UTC

Comment 4 Mike Fiedler 2021-10-06 14:53:31 UTC

@skundu Can you please take verification on this one with China out?

Comment 5 Sandeep 2021-10-07 06:42:39 UTC

I didn't see any "cryptographic primitive" error in the kube-rbac-proxy containers of the node-exporter pods. 


Steps followed:
[skundu@skundu ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2021-10-07-013010   True        False         44m     Cluster version is 4.9.0-0.nightly-2021-10-07-013010

[skundu@skundu ~]$ oc get po -n openshift-monitoring | grep node-exporter
node-exporter-dsp9n                            2/2     Running   0             61m
node-exporter-lrm24                            2/2     Running   0             66m
node-exporter-q882r                            2/2     Running   0             62m
node-exporter-x64r6                            2/2     Running   0             66m
node-exporter-xkf5g                            2/2     Running   0             66m
node-exporter-zp2jm                            2/2     Running   0             62m


[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy
I1007 05:31:23.468992    2529 main.go:181] Valid token audiences: 
I1007 05:31:23.469958    2529 main.go:305] Reading certificate files
I1007 05:31:23.470366    2529 main.go:339] Starting TCP socket on [10.0.157.214]:9100
I1007 05:31:23.471242    2529 dynamic_cafile_content.go:167] Starting client-ca::/etc/tls/client/client-ca.crt
I1007 05:31:23.471349    2529 main.go:346] Listening securely on [10.0.157.214]:9100
[skundu@skundu ~]$ 
[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy | grep -i "cryptographic"


checked the logs of "kube-rbac-proxy" containers of all the above "node-exporter" pods. No error found
So, moving it to verified.

Comment 7 errata-xmlrpc 2021-10-12 06:01:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.14 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3682

Note You need to log in before you can comment on or make changes to this bug.