Unable to connect to Azure Red Hat OpenShift cluster

Solution Verified - Updated -

Environment

  • Azure Red Hat OpenShift (ARO)

Issue

  • The Azure Red Hat OpenShift (ARO) console is not responding, or not allowing a login.
  • The oc cli is not responding to requests.
  • Cluster operators may not be available or accessible.
  • An alternate cluster login method is required in order to fix the above issues.

Resolution

You can use the following procedure to regain CLI access to the cluster using the Admin Kubeconfig feature. This will allow cluster access in scenarios where the kube-apiserver is available, but openshift-ingress, openshift-console, or openshift-authentication aren't allowing a login.

Retrieve Admin Kubeconfig

Ensure you are running Azure CLI version 2.50.0 or later.

export SUBSCRIPTION_ID=<your-subscription-ID>
export RESOURCE_GROUP=<your-resource-group-name>
export CLUSTER=<name-of-ARO-cluster>

az aro get-admin-kubeconfig --subscription $SUBSCRIPTION_ID --resource-group $RESOURCE_GROUP --name $CLUSTER

Source and use the Kubeconfig

  • By default the command above saves the kubeconfig to the local directory under the name "kubeconfig". To use it, set the environment variable KUBECONFIG to the path of that file
export KUBECONFIG=/path/to/kubeconfig
oc get nodes
[output will show up here]
  • There's no need to use oc login because the admin user is already logged in, and the kubeconfig file is present.

Root Cause

  • The Admin Kubeconfig feature enables users to download the admin kubeconfig (which can't be revoked, and has a long expiration date). Logging in with the admin kubeconfig using oc, rather than logging in using the console or another oc user, will bypass OpenShift components that may be in need of repair. If an admin kubeconfig is obtained using this method and oc commands still are not responding, please open a case with Red Hat support to help resolve the issue.

  • Links contained herein to external website(s) are provided for convenience only. Red Hat has not reviewed the links and is not responsible for the content or its availability. The inclusion of any link to an external website does not imply endorsement by Red Hat of the website or their entities, products or services. You agree that Red Hat is not responsible or liable for any loss or expenses that may result due to your use of (or reliance on) the external site or content.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Comments