Upgrading RHOCP to 4.6 fails due to invalid certificate for identity provider
Issue
- Upgrading cluster from
4.5.x
to4.6.x
stalled asauthentication-operator
goes inDegraded
state.
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version True True 38m Unable to apply 4.6.29: the cluster operator authentication is degraded
$ oc get co | grep authentication
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCE
authentication 4.6.29 True False True 27m
- Below error is observed in the
authentication-operator
description:
$ oc describe co authentication -o yaml | grep status - A7
status:
conditions:
- lastTransitionTime: '2021-06-13T22:36:25Z'
message: "OAuthServerConfigObservationDegraded: error validating configMap openshift-config/ca-config-map:\
\ certificate expired:\nOAuthServerConfigObservationDegraded: \tsub=CN=test.example.com,OU=RHexample,O=Test\
\ Example,L=Washington,ST=District of Columbia,C=US;\n\
OAuthServerConfigObservationDegraded: \tiss=CN=test.example.com,OU=RHexample,O=Test\
\ Example,L=Washington,ST=District of Columbia,C=US"
Environment
- Red Hat OpenShift Container Platform [RHOCP]
- Upgrade from 4.5.x to 4.6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.