Hi,
I've setup and ran Installer Provisioned Installation of OKD on several occations with
OKD versions 4.4 - 4.8 on my oVirt (4.3?)/4.4 platform. However, after installing a Custom
certificate for my self-hosted ovirt engine I've got problems getting the installation
of OKD 4.10 (and 4.8) to complete. Is this a known problem with a known solution I can
read up on somewhere?
The install takes three times as long as the working ones did before and when I look at
pods and cluster operators the "authentication" ones are in a bad state. I can
use the KUBECONFIG environment variable to list pods and interact with the environment but
the "oc login" fails with "unknown issuer".
I had the choice of a "full install" of my custom cert or just the GUI/Web and I
chose the latter. When installing the custom cert I followed the official RHV
documentation that was pointed to by some oVirt user in a forum. Whatever certs I
didn't change seemed to have worked before so I would be surprised if the solution is
to go for the "full install". In all other cases (like my Foreman server and my
freeIPA server) the oVirt works just fine with it's custom cert.
Since I've made it before I'm pretty sure I've correctly followed the OKD
installation instructions. What's new is the custom ovirt hosted-engine cert. Is there
a detailed documentation on exactly what certificates from my oVirt installation that
should be added to my "additionalTrustBundle" in OKD to make it work? In my
previous working installations I added the custom root CA since I needed it for other
purposes but maybe I need to add some other internal ovirt CA?
I'm currently running oVirt version "4.4.10.7-1.el8" on CentOS Stream
release 8 and OKD version "4.10.0-0.okd-2022-03-07-131213". No hardware changes
between working installations and failed ones.
Any hints on how to solve this would be appreciated