2271580 – MCG operator fails to communicate via TLS due to an x509 error

Bug 2271580 - MCG operator fails to communicate via TLS due to an x509 error

Summary: MCG operator fails to communicate via TLS due to an x509 error

Keywords:
Status:	ON_QA
Alias:	None
Product:	Red Hat OpenShift Data Foundation
Classification:	Red Hat Storage
Component:	Multi-Cloud Object Gateway
Sub Component:
Version:	4.15
Hardware:	All
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	ODF 4.15.8
Assignee:	Ben Eli
QA Contact:	Mahesh Shetty
Docs Contact:
URL:
Whiteboard:
Duplicates (3):	2268429 2269379 2293191 (view as bug list)
Depends On:
Blocks:	2246375
TreeView+	depends on / blocked

Reported:	2024-03-26 11:44 UTC by Ben Eli
Modified:	2024-10-13 08:18 UTC (History)
CC List:	6 users (show)
Fixed In Version:	4.15.8-1
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	noobaa noobaa-operator pull 1328	0	None	Merged	Modify the handling of injected OCP CA bundles	2024-04-10 10:35:26 UTC
Github	noobaa noobaa-operator pull 1460	0	None	Merged	[Backport to 5.15] Modify the handling of injected OCP CA bundles	2024-10-09 05:56:40 UTC

Description Ben Eli 2024-03-26 11:44:52 UTC

Description of problem (please be detailed as possible and provide log
snippests):
When the MCG operator tries to contact external domains (e.g. google.com, azure.com), it fails with an x509 TLS error.
This is mostly seen when the operator tries to create its default backingstore over any cloud service.
The error happens due to a race condition revolving around the timing of the cluster-provided CA-bundlo injection


Version of all relevant components (if applicable):
ODF 4.15

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
Yes, the operator will not be able to create the default backingstore as long as the problem persists


Is there any workaround available to the best of your knowledge?
Restarting the operator pod a few minutes after its deployment

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
3

Can this issue reproducible?
Inconsistently

Can this issue reproduce from the UI?
NA

If this is a regression, please provide more details to justify this:
NA

Steps to Reproduce:
1. Deploy ODF over a cloud service

Actual results:
Deployment is blocked since MCG fails to create a default cloud backingstore

Expected results:
Deployment is successful

Additional info:

Comment 3 krishnaram Karthick 2024-05-02 11:44:33 UTC

what are the steps to reproduce/verify this issue?

Comment 4 krishnaram Karthick 2024-05-02 11:47:15 UTC

Moving the bug to 4.15.4. we need to understand why this fix is important enough to be backported.

Comment 5 Nimrod Becker 2024-05-02 12:15:12 UTC

Deployments on Azure, make sure the default BS is working.

Comment 6 Ben Eli 2024-05-27 10:55:19 UTC

*** Bug 2268429 has been marked as a duplicate of this bug. ***

Comment 7 Ben Eli 2024-05-27 10:55:32 UTC

*** Bug 2269379 has been marked as a duplicate of this bug. ***

Comment 12 Sunil Kumar Acharya 2024-10-08 05:15:46 UTC

Please backport the fix to ODF-4.15 and upd ate the RDT flag appropriately.

Note You need to log in before you can comment on or make changes to this bug.