Bug 2037635 - impossible to configure custom certs for default console route in ingress config
Summary: impossible to configure custom certs for default console route in ingress config
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.10.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
URL:
Whiteboard:
Depends On:
Blocks: 2039681
TreeView+ depends on / blocked
 
Reported: 2022-01-06 07:53 UTC by Yadan Pei
Modified: 2023-09-15 01:50 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-03-10 16:37:12 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console-operator pull 623 0 None open [WIP] Bug 2037635: Fix setting of custom cert for default route 2022-01-07 13:58:48 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:37:22 UTC

Comment 4 Yadan Pei 2022-01-12 08:36:46 UTC
1. update ingress.config and customize certs for default console route

$ oc get ingress.config cluster -o json | jq .spec
{
  "componentRoutes": [
    {
      "hostname": "console-openshift-console.apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com",
      "name": "console",
      "namespace": "openshift-console",
      "servingCertKeyPairSecret": {
        "name": "custom-console-component"
      }
    }
  ],
  "domain": "apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com"
}

2. after we made above changes, co/console is still working 
oc get co
NAME                                       VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.10.0-0.nightly-2022-01-12-033357   True        False         False      16m     
baremetal                                  4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
cloud-controller-manager                   4.10.0-0.nightly-2022-01-12-033357   True        False         False      32m     
cloud-credential                           4.10.0-0.nightly-2022-01-12-033357   True        False         False      34m     
cluster-autoscaler                         4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
config-operator                            4.10.0-0.nightly-2022-01-12-033357   True        False         False      31m     
console                                    4.10.0-0.nightly-2022-01-12-033357   True        False         False      19m     

3. visit default console route, the certificate is updated accordingly

the reported issue has been fixed

Comment 6 Yadan Pei 2022-01-14 02:16:22 UTC
Hi Chen,

We will backport to 4.8.z as well but it can only happen after 4.9 fix PR gets merged and verified. A new 4.8.z bug will be automatically opened after 4.9.z PR get merged! 

See https://github.com/openshift/console-operator/pull/624#issuecomment-1010788316

Comment 9 errata-xmlrpc 2022-03-10 16:37:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056

Comment 10 Red Hat Bugzilla 2023-09-15 01:50:52 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 365 days


Note You need to log in before you can comment on or make changes to this bug.