Bug 2008414 - authentication errors with "square/go-jose: error in cryptographic primitive" are observed in the CI
Summary: authentication errors with "square/go-jose: error in cryptographic primitive"...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Etcd
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.8.z
Assignee: Sam Batschelet
QA Contact: Sandeep
Whiteboard: tag-ci LifecycleReset
Depends On: 1956879
TreeView+ depends on / blocked
Reported: 2021-09-28 07:56 UTC by Sergiusz Urbaniak
Modified: 2021-10-12 06:01 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1956879
Last Closed: 2021-10-12 06:01:23 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-etcd-operator pull 665 0 None open [release-4.8] Bug 2008414: pkg/operator/metriccontroller: read etcd-operator SA token rather than using prometheus 2021-09-28 07:58:47 UTC
Red Hat Product Errata RHBA-2021:3682 0 None None None 2021-10-12 06:01:42 UTC

Comment 4 Mike Fiedler 2021-10-06 14:53:31 UTC
@skundu Can you please take verification on this one with China out?

Comment 5 Sandeep 2021-10-07 06:42:39 UTC
I didn't see any "cryptographic primitive" error in the kube-rbac-proxy containers of the node-exporter pods. 

Steps followed:
[skundu@skundu ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2021-10-07-013010   True        False         44m     Cluster version is 4.9.0-0.nightly-2021-10-07-013010

[skundu@skundu ~]$ oc get po -n openshift-monitoring | grep node-exporter
node-exporter-dsp9n                            2/2     Running   0             61m
node-exporter-lrm24                            2/2     Running   0             66m
node-exporter-q882r                            2/2     Running   0             62m
node-exporter-x64r6                            2/2     Running   0             66m
node-exporter-xkf5g                            2/2     Running   0             66m
node-exporter-zp2jm                            2/2     Running   0             62m

[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy
I1007 05:31:23.468992    2529 main.go:181] Valid token audiences: 
I1007 05:31:23.469958    2529 main.go:305] Reading certificate files
I1007 05:31:23.470366    2529 main.go:339] Starting TCP socket on []:9100
I1007 05:31:23.471242    2529 dynamic_cafile_content.go:167] Starting client-ca::/etc/tls/client/client-ca.crt
I1007 05:31:23.471349    2529 main.go:346] Listening securely on []:9100
[skundu@skundu ~]$ 
[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy | grep -i "cryptographic"

checked the logs of "kube-rbac-proxy" containers of all the above "node-exporter" pods. No error found
So, moving it to verified.

Comment 7 errata-xmlrpc 2021-10-12 06:01:23 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.14 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.