Closed faangbait closed 1 day ago
The ROSA default certificate bundle (*-primary-cent-bundle-secret) is of type "Opaque," not type "kubernetes.io/tls."
https://github.com/ibm-mas/ansible-devops/blob/47d6975c65123e862a2728bec341ca152f0ab05e/ibm/mas_devops/common_tasks/get_signed_ingress_cert.yml#L125C1-L127C1
[ec2-user@x ~]$ oc get secret -n openshift-ingress --show-labels NAME TYPE DATA AGE LABELS 2c9s1lebd4j0saesb6m74u182p8liv0q-primary-cert-bundle-secret Opaque 2 17h <none> builder-dockercfg-7bvtw kubernetes.io/dockercfg 1 17h <none> builder-token-6spvt kubernetes.io/service-account-token 4 17h <none> default-dockercfg-g44m4 kubernetes.io/dockercfg 1 17h <none> default-ingress-cert Opaque 2 17h hypershift.openshift.io/managed=true default-token-dqwpq kubernetes.io/service-account-token 4 17h <none> deployer-dockercfg-dzq2g kubernetes.io/dockercfg 1 17h <none> deployer-token-l2pvr kubernetes.io/service-account-token 4 17h <none> router-dockercfg-kwtk5 kubernetes.io/dockercfg 1 17h <none> router-metrics-certs-default kubernetes.io/tls 2 17h <none> router-stats-default Opaque 2 17h <none> router-token-v4xch kubernetes.io/service-account-token 4 17h <none>
Likely a configuration difference between ROSA Classic and ROSA HCP.
@faangbait thanks for the fix
whitfiea
commented
1 day ago whitfiea
commented
1 day ago
The ROSA default certificate bundle (*-primary-cent-bundle-secret) is of type "Opaque," not type "kubernetes.io/tls."
https://github.com/ibm-mas/ansible-devops/blob/47d6975c65123e862a2728bec341ca152f0ab05e/ibm/mas_devops/common_tasks/get_signed_ingress_cert.yml#L125C1-L127C1
Likely a configuration difference between ROSA Classic and ROSA HCP.