During IPI cluster upgrade, Authentication, Console cluster operator degraded with "x509: certificate is valid for custom_domain.com, not oauth-openshift.apps.default.cluster.com"

Solution Verified - Updated -

Issue

  • The Authentication, Console and Ingress operators are in degraded state with the following error during IPI cluster upgradation:
    authentication                             4.13.11   False       False         True       30m     OAuthServerRouteEndpointAccessibleControllerAvailable: Get "https://oauth-openshift.apps.default.cluster.com/healthz": x509: certificate is valid for custom_domain.com, not oauth-openshift.apps.default.cluster.com
    console                                    4.13.11   False       False         False      27m     RouteHealthAvailable: failed to GET route (https://console-openshift-console.apps.default.cluster.com): Get "https://console-openshift-console.apps.default.cluster.com": x509: certificate is valid for custom_domain.com, not console-openshift-console.apps.default.cluster.com
    ingress                                    4.13.11   True        False         True       30m     The "default" ingress controller reports Degraded=True: DegradedConditions: One or more other status conditions indicate a degraded state: CanaryChecksSucceeding=False (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress controller are failing)

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • Minor versions
      • 4.17
      • 4.18
      • 4.19
    • IPI

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content