Bug 2037635 - impossible to configure custom certs for default console route in ingress config [NEEDINFO]
Summary: impossible to configure custom certs for default console route in ingress config
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 4.10
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.10.0
Assignee: Jakub Hadvig
QA Contact: Yadan Pei
Depends On:
Blocks: 2039681
Reported: 2022-01-06 07:53 UTC by Yadan Pei
Modified: 2022-07-01 05:37 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2022-03-10 16:37:12 UTC
Target Upstream Version:
cchen: needinfo? (jhadvig)


System ID Private Priority Status Summary Last Updated
Github openshift console-operator pull 623 0 None open [WIP] Bug 2037635: Fix setting of custom cert for default route 2022-01-07 13:58:48 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:37:22 UTC

Comment 4 Yadan Pei 2022-01-12 08:36:46 UTC
1. update ingress.config and customize certs for default console route

$ oc get ingress.config cluster -o json | jq .spec
{
  "componentRoutes": [
    {
      "hostname": "console-openshift-console.apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com",
      "name": "console",
      "namespace": "openshift-console",
      "servingCertKeyPairSecret": {
        "name": "custom-console-component"
      }
    }
  ],
  "domain": "apps.ci-ln-x09q8r2-72292.origin-ci-int-gce.dev.rhcloud.com"
}

2. after we made the above changes, co/console is still working
$ oc get co
NAME                                       VERSION                              AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
authentication                             4.10.0-0.nightly-2022-01-12-033357   True        False         False      16m     
baremetal                                  4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
cloud-controller-manager                   4.10.0-0.nightly-2022-01-12-033357   True        False         False      32m     
cloud-credential                           4.10.0-0.nightly-2022-01-12-033357   True        False         False      34m     
cluster-autoscaler                         4.10.0-0.nightly-2022-01-12-033357   True        False         False      29m     
config-operator                            4.10.0-0.nightly-2022-01-12-033357   True        False         False      31m     
console                                    4.10.0-0.nightly-2022-01-12-033357   True        False         False      19m     

3. visit default console route, the certificate is updated accordingly

the reported issue has been fixed
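
Step 3 above can be scripted by comparing the leaf certificate in the custom secret with the one the route actually serves. This is an added example, not part of the original comment or the console-operator code. It assumes the `.spec` JSON from step 1 and the secret's `tls.crt` have been saved to local files (hypothetical inputs passed as arguments), and that the secret is the one named in `servingCertKeyPairSecret`.

```python
import base64
import hashlib
import json
import re
import socket
import ssl
import sys

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def console_route(spec):
    """Return (hostname, secret name) of the console entry in `.spec`."""
    for r in spec.get("componentRoutes", []):
        if r.get("name") == "console" and r.get("namespace") == "openshift-console":
            return r["hostname"], r.get("servingCertKeyPairSecret", {}).get("name")
    raise LookupError("no console componentRoute in spec")

def leaf_der_from_pem(pem_text):
    """DER bytes of the first certificate in a PEM bundle (leaf first, then chain)."""
    m = PEM_BLOCK.search(pem_text)
    if m is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def served_leaf_der(hostname, port=443, timeout=5.0):
    """Fetch the certificate presented for `hostname`; SNI selects the route."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Verification is off on purpose: we only read what is served, trusted or not.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert(binary_form=True)

def route_serves_secret_cert(secret_pem, served_der):
    """True when the served leaf is byte-identical to the secret's leaf."""
    want = hashlib.sha256(leaf_der_from_pem(secret_pem)).hexdigest()
    return want == hashlib.sha256(served_der).hexdigest()

if __name__ == "__main__":
    # Assumed inputs (hypothetical file names): saved `.spec` JSON and the secret's tls.crt.
    with open(sys.argv[1]) as f:
        host, secret = console_route(json.load(f))
    with open(sys.argv[2]) as f:
        ok = route_serves_secret_cert(f.read(), served_leaf_der(host))
    print(f"{host}: secret {secret!r} {'is' if ok else 'is NOT'} the served certificate")
    sys.exit(0 if ok else 1)
```

A non-zero exit means the route is still presenting a different certificate, which is the symptom this bug describes.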

Comment 6 Yadan Pei 2022-01-14 02:16:22 UTC
Hi Chen,

We will backport to 4.8.z as well, but it can only happen after the 4.9 fix PR gets merged and verified. A new 4.8.z bug will be automatically opened after the 4.9.z PR gets merged!

See https://github.com/openshift/console-operator/pull/624#issuecomment-1010788316

Comment 9 errata-xmlrpc 2022-03-10 16:37:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

