2037635 – impossible to configure custom certs for default console route in ingress config

Bug 2037635 - impossible to configure custom certs for default console route in ingress config [NEEDINFO]

Summary: impossible to configure custom certs for default console route in ingress config

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Management Console
Sub Component:
Version:	4.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	4.10.0
Assignee:	Jakub Hadvig
QA Contact:	Yadan Pei
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2039681
TreeView+	depends on / blocked

Reported:	2022-01-06 07:53 UTC by Yadan Pei
Modified:	2022-07-01 05:37 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2022-03-10 16:37:12 UTC
Target Upstream Version:
Flags:	cchen: needinfo? (jhadvig)

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift console-operator pull 623	0	None	open	[WIP] Bug 2037635: Fix setting of custom cert for default route	2022-01-07 13:58:48 UTC
Red Hat Product Errata	RHSA-2022:0056	0	None	None	None	2022-03-10 16:37:22 UTC

Comment 4 Yadan Pei 2022-01-12 08:36:46 UTC

1. update ingress.config and customize certs for default console route

$ oc get ingress.config cluster -o json | jq .spec
{
  "componentRoutes": [
    {
      "hostname": "console-openshift-console.apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com",
      "name": "console",
      "namespace": "openshift-console",
      "servingCertKeyPairSecret": {
        "name": "custom-console-component"
      }
    }
  ],
  "domain": "apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com"
}

2. after we made above changes, co/console is still working 
oc get co
NAME                                       VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.10.0-0.nightly-2022-01-12-033357   True        False         False      16m     
baremetal                                  4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
cloud-controller-manager                   4.10.0-0.nightly-2022-01-12-033357   True        False         False      32m     
cloud-credential                           4.10.0-0.nightly-2022-01-12-033357   True        False         False      34m     
cluster-autoscaler                         4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
config-operator                            4.10.0-0.nightly-2022-01-12-033357   True        False         False      31m     
console                                    4.10.0-0.nightly-2022-01-12-033357   True        False         False      19m     

3. visit default console route, the certificate is updated accordingly

the reported issue has been fixed

Comment 6 Yadan Pei 2022-01-14 02:16:22 UTC

Hi Chen,

We will backport to 4.8.z as well but it can only happen after 4.9 fix PR gets merged and verified. A new 4.8.z bug will be automatically opened after 4.9.z PR get merged! 

See https://github.com/openshift/console-operator/pull/624#issuecomment-1010788316

Comment 9 errata-xmlrpc 2022-03-10 16:37:12 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Note You need to log in before you can comment on or make changes to this bug.