OpenLiberty / open-liberty-operator

Eclipse Public License 2.0

Pod in CrashLoopBackOff but no error messages in the logs #252

Open jagraj opened 2 years ago

jagraj commented 2 years ago

Bug Report

What did you do?

I installed the Open Liberty operator in an OpenShift 4.6.x cluster and created a sample app (pet store) CR. I also installed the Jetstack cert-manager operator to consume certificates in the Liberty application.

The Certificate CR was missing a common name, and keytool reports it as not a valid certificate, and this error message is missing from the logs when the pod is in a crash loop. I was getting the following information, and it did not help us debug the problem.

```
oc logs certs-demo-d59b6565b-9smq9
Found mounted TLS certificates, generating keystore
Found mounted TLS CA certificate, adding to truststore
```

A clear and concise description of the steps you took (or insert a code snippet).

  1. Installed the latest OpenLiberty operator.
  2. Created the default Pet store app CR with a cert-manager certificate.

Here is the CR for the Certificate:

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: demo-app-cert
spec:
  secretName: demo-app-cert-secret
  duration: 2160h0m0s # 90d
  renewBefore: 360h0m0s # 15d
  organization:
  - "ibm"
  keySize: 2048
  keyAlgorithm: rsa
  keyEncoding: pkcs1
  usages:
    - server auth
    - client auth
  # At least one of a DNS Name, URI, or IP address is required.
  dnsNames:
  - '<YOUR_ROUTE>'
  issuerRef:
    name: selfsigned-cluster-issuer
    kind: ClusterIssuer
```

What did you expect to see?

We need a proper error message in the logs when keytool fails to import the certificate.

A clear and concise description of what you expected to happen (or insert a code snippet). If possible, add OpenLibertyApplication CR.

What did you see instead?

A clear and concise description of what you expected to happen (or insert a code snippet).

We need a proper error message in the logs to debug the actual problem.

Environment

```
oc version
Client Version: 4.6.16
Server Version: 4.6.42
```

Possible solution

Additional context

Add any other context about the problem here.

leochr commented 2 years ago

@jagraj I believe this should be opened against the Liberty container repo: https://github.com/OpenLiberty/ci.docker

If you agree, we can use the Move issue or Transfer issue option provided by GitHub (on the right side, at the very bottom).
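
An added example, not code from the Open Liberty container image or the operator: one way an entrypoint script could surface a failing keystore step in the pod logs, which is what this issue asks for. `run_step`, `generate_keystore` and `fake_keytool` are hypothetical names, and the stub's error text is constructed for the demo.

```shell
#!/bin/sh
# Added example: hypothetical helper for a container entrypoint script.

# run_step DESCRIPTION COMMAND [ARGS...]
# Runs COMMAND with stdout and stderr captured. On success the output is
# discarded; on failure the exit status and the tool's own output are written
# to stderr, which is what `oc logs` shows for a crashing pod.
run_step() {
    desc=$1
    shift
    out=$(mktemp) || return 1
    rc=0
    "$@" >"$out" 2>&1 || rc=$?
    if [ "$rc" -ne 0 ]; then
        # Log only the tool name: keystore passwords are commonly passed as
        # arguments (e.g. -storepass) and must not end up in pod logs.
        echo "ERROR: $desc failed: '$1' exited with status $rc" >&2
        sed 's/^/    /' "$out" >&2
    fi
    rm -f "$out"
    return "$rc"
}

# Constructed stand-in for a failing keytool so the example runs offline.
# The message text is made up for the demo, not real keytool output.
fake_keytool() {
    echo "constructed error: input not a valid certificate" >&2
    return 1
}

# Hypothetical keystore step: same first log line as in the issue, but the
# failure reason is reported before the step returns non-zero.
generate_keystore() {
    echo "Found mounted TLS certificates, generating keystore"
    run_step "keystore generation" "$@" || return 1
    echo "Keystore generated"
}

# Demo (constructed): the failure reason is logged before the container exits.
generate_keystore fake_keytool -importcert -storepass changeit \
    || echo "entrypoint would exit 1 here"
```
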