Authentication pods don't start because v4-0-config-system-router-certs secret is missing in RHOCP 4

Solution Verified - Updated -

Issue

  • The authentication Cluster Operator is degraded with the following messages:

    OAuthClientsControllerDegraded: the ingress config domain cannot be empty

    OAuthServerConfigObservationDegraded: secret "v4-0-config-system-router-certs" not found

    OAuthServerRouteEndpointAccessibleControllerDegraded: ingress config domain cannot be empty 

    RouterCertsDegraded: ingresses.config.openshift.io/cluster: no spec.domain specified

    CustomRouteControllerDegraded: Route.route.openshift.io "oauth-openshift" is invalid: [spec.host: Invalid value: "oauth-openshift.": host must conform to DNS 952 subdomain conventions, spec.host: Invalid value: "oauth-openshift.": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')]
  • Similar errors can be seen in the console Cluster Operator with ConsoleDefaultRouteSyncDegraded, DownloadsDefaultRouteSyncDegraded, ConsoleDefaultRouteSyncUpgradeable and DownloadsDefaultRouteSyncUpgradeable.
  • There are reconciliation failed: secret "v4-0-config-system-router-certs" not found errors in authentication operator logs, while openshift-authentication namespace events report the error secret "v4-0-config-system-router-certs" not found.
  • Oauth pods in openshift-authentication stay in ContainerCreating status.

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content