Created attachment 1900167 [details] discovery-operator log Description of the problem: No cluster discovered due to x509: certificate signed by unknown authority Release version: Operator snapshot version: 2.6.0-FC1 OCP version: 4.10.23 Browser Info: Steps to reproduce: 1. Create RH OCM creds in UI 2. Create/configure discovery setting in UI Actual results: No cluster discovered in UI Expected results: Additional info: ``` # oc get discoveryconfig -n aut-disco-ns discovery -oyaml apiVersion: discovery.open-cluster-management.io/v1 kind: DiscoveryConfig metadata: creationTimestamp: "2022-07-29T16:25:02Z" generation: 1 name: discovery namespace: aut-disco-ns resourceVersion: "115533" uid: f9e58c20-f5e4-4d67-94d5-67cde6f6b702 spec: credential: aut-disco filters: lastActive: 30 openShiftVersions: - "4.7" - "4.8" - "4.9" - "4.10" # oc get discoveredcluster -n aut-disco-ns No resources found in aut-disco-ns namespace. ``` discovery-operator log: ``` 1.6591122306428995e+09 ERROR Error updating DiscoveredClusters {"controller": "discoveryconfig", "controllerGroup": "discovery.open-cluster-management.io", "controllerKind": "DiscoveryConfig", "discoveryConfig": {"name":"discovery","namespace":"aut-disco-ns"}, "namespace": "aut-disco-ns", "name": "discovery", "reconcileID": "2a401570-dda6-400f-bc96-fa63b70139c6", "error": "couldn't get token: Post \"https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token\": x509: certificate signed by unknown authority"} sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:121 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:320 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:273 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2 /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:234 1.659112230642963e+09 ERROR Reconciler error {"controller": "discoveryconfig", "controllerGroup": "discovery.open-cluster-management.io", "controllerKind": "DiscoveryConfig", "discoveryConfig": {"name":"discovery","namespace":"aut-disco-ns"}, "namespace": "aut-disco-ns", "name": "discovery", "reconcileID": "2a401570-dda6-400f-bc96-fa63b70139c6", "error": "couldn't get token: Post \"https://sso.redhat.com/auth/realms/redhat-external/protocol/openid-connect/token\": x509: certificate signed by unknown authority"} sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:273 sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2 /remote-source/deps/gomod/pkg/mod/sigs.k8s.io/controller-runtime.3/pkg/internal/controller/controller.go:234 ```
This bug has been taking care of in this PR: https://github.com/stolostron/backplane-operator/pull/269
G2Bsync 1210958281 comment thuyn-581 Wed, 10 Aug 2022 16:28:00 UTC G2BSync - Validated on 2.6.0-FC4.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Red Hat Advanced Cluster Management 2.6.0 security updates and bug fixes), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:6370