EnMasseProject / enmasse

EnMasse - Self-service messaging on Kubernetes and OpenShift
https://enmasseproject.github.io
Apache License 2.0

Openshift master controller unable to authorize against API server #1424

Closed lulf closed 4 years ago

lulf commented 6 years ago

I have set up a large OpenShift cluster using Ansible, and then deployed EnMasse with a secured connection (mTLS) between the master and the EnMasse API server.

Even though the cluster appears to work, the OpenShift controller is restarting due to "not authorized" when trying to connect to the EnMasse API server. When projects are deleted, they are not properly cleaned up since the OpenShift controller keeps restarting.

I suspect that in order to reproduce this issue, one has to deploy a cluster using Ansible, and enable more logging in the API server to see which user the OpenShift controller is trying to authenticate as, and why it is being denied to do so.

The fix may be to make some exception for the /apis/enmasse.io/v1alpha1 handler to not require authentication.

lulf commented 4 years ago

API server is removed.