Changing RHACS route to edge and re-encrypt route users cannot access the RHACS console

Solution Verified - Updated -

Issue

  • By default central route is configured in passthrough mode and that is working fine.
  • After changing the RHACS route to Edge and Re-encrypt route, users cannot access the RHACS console.
  • The collector pods and sensor pods fail to start as the installed certificate remains unrecognised due to their reliance on an internal svc hostname for connection.

  • The sensor is not able to communicate with the central as it is expecting the certificate with CN central.advanced cluster-security.svc and is for the internal communication.

    error: Sensor reported an error: opening stream: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: x509: certificate is valid for *.apps.cluster.domain, not central.advanced-cluster-security.svc"

Environment

  • Red Hat Advanced Cluster Security for Kubernetes (RHACS)
    • 3
    • 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content