Serverless Activator fails with "Failed to append ca cert to the RootCAs"

Solution Verified - Updated -

Issue

  • When internal encryption is enabled for OpenShift Serverless, after an update to OpenShift Serverless 1.30.0 the Activator Pod is in CrashLoopBackOff due to the following issue:

    2023/09/19 05:40:12 Registering 3 clients
2023/09/19 05:40:12 Registering 3 informer factories
2023/09/19 05:40:12 Registering 3 informers
{"severity":"INFO","timestamp":"2023-09-19T05:40:12.749552011Z","caller":"logging/config.go:80","message":"Unable to read vcs.revision from binary"}
{"severity":"INFO","timestamp":"2023-09-19T05:40:13.189667817Z","logger":"activator","caller":"activator/main.go:141","message":"Starting the knative activator","knative.dev/controller":"activator","knative.dev/pod":"activator-d8f98846f-grmnc"}
{"severity":"INFO","timestamp":"2023-09-19T05:40:13.19503527Z","logger":"activator","caller":"activator/main.go:169","message":"Internal Encryption is enabled","knative.dev/controller":"activator","knative.dev/pod":"activator-d8f98846f-grmnc"}
{"severity":"EMERGENCY","timestamp":"2023-09-19T05:40:13.216067405Z","logger":"activator","caller":"activator/main.go:181","message":"Failed to append ca cert to the RootCAs","knative.dev/controller":"activator","knative.dev/pod":"activator-d8f98846f-grmnc","stacktrace":"main.main\n\t/remote-source/knative-serving/app/cmd/activator/main.go:181\nruntime.main\n\t/usr/lib/golang/src/runtime/proc.go:250"}

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.12
  • OpenShift Serverless 1.30.0 (knative-serving 1.9)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content