HCP 4.18.14 to 4.18.22 upgrade breaks external connectivity via Konnectivity HTTPS proxy

Solution Verified - Updated -

Issue

  • HCP clusters that are upgraded to 4.18.22 facing connectivity issue with external endpoints, e.g the Azure AD endpoint.
  • Users are unable to login through Azure AD as soon as HCP cluster got upgraded to v4.18.22.
  • From oauth-openshift pod:
E0901 08:46:04.749502       1 errorpage.go:28] AuthenticationError: Get "https://graph.microsoft.com/oidc/userinfo": net/http: TLS handshake timeout
E0910 17:54:47.605756       1 errorpage.go:28] AuthenticationError: Get "https://graph.microsoft.com/oidc/userinfo": http: server gave HTTP response to HTTPS client
  • From ingress-operator pod:
2025-09-10T18:07:19.799Z   ERROR   operator.ingress_controller     controller/controller.go:116    got retryable error; requeueing {"after": "1m0s", "error": "IngressController is degraded: CanaryChecksSucceeding=False (CanaryChecksRepetitiveFailures: Canary route checks for the default ingress controller are failing. Last 1 error messages:\nerror sending canary HTTP request to \"canary-openshift-ingress-canary.apps.cluster.test.hypershift.openshift.com\": Get \"https://canary-openshift-ingress-canary.apps.cluster.test.hypershift.openshift.com\": http: server gave HTTP response to HTTPS client (x6 over 5m0s))"}

Environment

  • Red Hat OpenShift Container Platform 4.18.22 (HCP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content