Known issues and limitations for IBM Cloud Private with OpenShift
Review the known issues for version 3.1.2.
- Incorrect logging port
- Node exporter in error state
- Incorrect cURL command
- Certificate error after running the cloudctl login command
Incorrect logging port
If you click Logging from the IBM Cloud Private navigation, you reach https://:8443/kibana/
, where 8443
is an incorrect port. Change the port to the IBM Cloud Private port number that is included in the
config.yaml
installation file (https:// :/kibana/
) to display the Kibana dashboard correctly.
Node exporter in error state
Node exporter might be in error state due to unsuccessful image pull in OpenShift environment.
To work around this issue in pre-installation, add the following content to the config.yaml
file:
monitoring:
nodeExporter:
serviceAccount:
name: "default"
To work around this issue in post-installation, use the following command:
kubectl patch ds/monitoring-prometheus-nodeexporter -n kube-system -p '{"spec":{"template":{"spec":{"serviceAccount":"default","serviceAccountName":"default"}}}}'
Incorrect cURL command
You might encounter a Connection Refused
error due to the incorrect cURL command in IBM Cloud Private CLI.
To correct the error, replace 8443
with 5443
.
Certificate error after running the cloudctl login command
If you run the IBM Cloud Private general CLI cloudctl login
command with OpenShift installed, afterward, kubectl calls might receive a certificate error.
To resolve this issue, follow the appropriate steps for either a Linux® master or a Mac OSx master:
On a Linux master:
-
Replace
<Cluster Master Host>:<Cluster Master API Port>
with the master endpoint that is defined in Master endpoints in the following commands:export OS_CA_CERT=$(openssl s_client -showcerts -connect <Cluster Master Host>:<Cluster Master API Port> </dev/null 2>/dev/null | openssl x509 -outform PEM) export ICP_CA_CERT=$(kubectl -n kube-system get secret cluster-ca-cert -o yaml | grep ' tls.crt' | cut -d ":" -f 2 | xargs | base64 -d) echo -e "$ICP_CA_CERT\n$OS_CA_CERT" | base64 | tr -d '\n'
-
Copy the output and replace the
tls.crt
values in thecluster-ca-cert
:kubectl -n kube-system edit secret cluster-ca-cert
On a Mac master:
-
Replace
<Cluster Master Host>:<Cluster Master API Port>
with the master endpoint that is defined in Master endpoints in the following commands:export OS_CA_CERT=$(openssl s_client -showcerts -connect <Cluster Master Host>:<Cluster Master API Port> </dev/null 2>/dev/null | openssl x509 -outform PEM) export ICP_CA_CERT=$(kubectl -n kube-system get secret cluster-ca-cert -o yaml | grep ' tls.crt' | cut -d ":" -f 2 | base64 -D) echo -e "$ICP_CA_CERT\n$OS_CA_CERT" | base64 | tr -d '\n'
-
Copy the output and replace the
tls.crt
values in thecluster-ca-cert
:kubectl -n kube-system edit secret cluster-ca-cert