openshift-ingress-operator is failing to update router-certs because "Too long: must have at most 1048576 bytes" message

Solution Verified - Updated -


  • Because of CVE-2022-2403 Credentials leak in config map we replaced the default router certificates. This went well expect that the certificate in ns/openshift-authentication/secrets/v4-0-config-system-router-certs is not updated and we don't know why.
  • ingress-operator is reporting the below error and default certificates are not updated for openshift-authentication

    2022-09-01T06:24:15.157333294Z 2022-09-01T06:24:15.157Z ERROR   operator.init.controller.certificate_publisher_controller   controller/controller.go:266    Reconciler error    {"name": "foo-bar", "namespace": "openshift-ingress-operator", "error": "failed to ensure global secret: failed to update published router certificates secret: Secret \"router-certs\" is invalid: data: Too long: must have at most 1048576 bytes"}


  • Red Hat OpenShift Container Platform (RHOCP) before 4.12

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content