Upgrading RHOCP to 4.6 fails due to invalid certificate for identity provider

Solution Verified - Updated -

Issue

  • Upgrading cluster from 4.5.x to 4.6.x stalled as authentication-operator goes in Degraded state.
$ oc get clusterversion
NAME     VERSION  AVAILABLE  PROGRESSING  SINCE  STATUS
version           True       True         38m    Unable to apply 4.6.29: the cluster operator authentication is degraded

$ oc get co | grep authentication
NAME                                      VERSION  AVAILABLE  PROGRESSING  DEGRADED  SINCE
authentication                            4.6.29   True       False        True      27m
  • Below error is observed in the authentication-operator description:
$ oc describe co authentication -o yaml | grep status - A7
status:
  conditions:
  - lastTransitionTime: '2021-06-13T22:36:25Z'
    message: "OAuthServerConfigObservationDegraded: error validating configMap openshift-config/ca-config-map:\
      \ certificate expired:\nOAuthServerConfigObservationDegraded: \tsub=CN=test.example.com,OU=RHexample,O=Test\
      \ Example,L=Washington,ST=District of Columbia,C=US;\n\
      OAuthServerConfigObservationDegraded: \tiss=CN=test.example.com,OU=RHexample,O=Test\
      \ Example,L=Washington,ST=District of Columbia,C=US"

Environment

  • Red Hat OpenShift Container Platform [RHOCP]
    • Upgrade from 4.5.x to 4.6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content