Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2008414

Summary: authentication errors with "square/go-jose: error in cryptographic primitive" are observed in the CI
Product: OpenShift Container Platform Reporter: Sergiusz Urbaniak <surbania>
Component: EtcdAssignee: Sam Batschelet <sbatsche>
Status: CLOSED ERRATA QA Contact: Sandeep <skundu>
Severity: low Docs Contact:
Priority: low    
Version: 4.9CC: aos-bugs, geliu, mfojtik, mifiedle, skundu, slaskawi, slaznick, surbania, wking
Target Milestone: ---Keywords: Reopened
Target Release: 4.8.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: tag-ci LifecycleReset
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1956879 Environment:
Last Closed: 2021-10-12 06:01:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1956879    
Bug Blocks:    

Comment 4 Mike Fiedler 2021-10-06 14:53:31 UTC 
@skundu Can you please take verification on this one with China out?
Comment 5 Sandeep 2021-10-07 06:42:39 UTC 
I didn't see any "cryptographic primitive" error in the kube-rbac-proxy containers of the node-exporter pods. 


Steps followed:
[skundu@skundu ~]$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2021-10-07-013010   True        False         44m     Cluster version is 4.9.0-0.nightly-2021-10-07-013010

[skundu@skundu ~]$ oc get po -n openshift-monitoring | grep node-exporter
node-exporter-dsp9n                            2/2     Running   0             61m
node-exporter-lrm24                            2/2     Running   0             66m
node-exporter-q882r                            2/2     Running   0             62m
node-exporter-x64r6                            2/2     Running   0             66m
node-exporter-xkf5g                            2/2     Running   0             66m
node-exporter-zp2jm                            2/2     Running   0             62m


[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy
I1007 05:31:23.468992    2529 main.go:181] Valid token audiences: 
I1007 05:31:23.469958    2529 main.go:305] Reading certificate files
I1007 05:31:23.470366    2529 main.go:339] Starting TCP socket on [10.0.157.214]:9100
I1007 05:31:23.471242    2529 dynamic_cafile_content.go:167] Starting client-ca::/etc/tls/client/client-ca.crt
I1007 05:31:23.471349    2529 main.go:346] Listening securely on [10.0.157.214]:9100
[skundu@skundu ~]$ 
[skundu@skundu ~]$ oc -n openshift-monitoring logs node-exporter-dsp9n kube-rbac-proxy | grep -i "cryptographic"


checked the logs of "kube-rbac-proxy" containers of all the above "node-exporter" pods. No error found
So, moving it to verified.
Comment 7 errata-xmlrpc 2021-10-12 06:01:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.8.14 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3682