Internal access to default operator routes goes through Istio-Envoy and results in 404 Not Found error in RHOCP 4

Solution Verified - Updated -

Issue

  • Accessing OpenShift route from a node returns the following HTTP 404 Not Found error:


    $ curl -Ik https://oauth-openshift.apps.example.com/healthz
HTTP/2 404
date: Sat, 29 Mar 2025 13:37:35 GMT
server: istio-envoy

  • Multiple cluster-operators are in degraded state:

    $ oc get co

NAME           VERSION AVAILABLE PROGRESSING DEGRADED SINCE MESSAGE
authentication 4.16.30 False     False       True     42h OAuthServerRouteEndpointAccessibleControllerAvailable: "https://oauth-openshift.apps.example.com/healthz" returned "404 Not Found"

console        4.16.30 False     False       True     42h RouteHealthAvailable: route not yet available, https://console-openshift-console.apps.example.com returns '404 Not Found'

ingress        4.16.30 True      False       True     50d The "default" ingress controller reports Degraded=True: DegradedConditions: One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress controller are failing. Last 1 error messages:..

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Service Mesh (OSSM)
    • 2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content