Automatic upgrade failure on openshift 1.3.1→1.4.0

[mhyzon]

Is anyone else seeing a failure of the automatic operator upgrade on Openshift from 1.3.1 to 1.4.0?

I'm on RHOSCP 4.14.35 / k8s version: v1.27.16+e826056

The operator tried to install 1.4.0 last week. I'm seeing the following error in the manager container on the falcon-operator-controller-manager pod for the new version

panic: opensslcrypto: can't initialize OpenSSL : openssl: can't retrieve OpenSSL version

goroutine 1 [running]:
crypto/internal/backend.init.0()
	/usr/lib/golang/src/crypto/internal/backend/openssl.go:65 +0x299

[mhyzon]

This looks like it's a conflict with our cluster being in FIPS mode? This error looks eerily similar to golang-fips/openssl#176 which they say is a go interopability bug, but also maybe requires a recompile to support FIPS mode? I'm not sure, this is all way in the golang innards and way above my head

[evanstoner]

Hey @mhyzon - engineering is trying to reproduce. Stand by.

[evanstoner]

Thanks for the report @mhyzon. Engineering identified an issue related to the version of the Go toolset used. For now, you'll have to revert to 1.3.1. We're tracking the issue, so look for a fix in a future operator's release notes.

I'll leave this issue open and comment back when the fix is released.

[mhyzon]

Thanks, good to know.

[evanstoner]

Release 1.5.0 resolved the FIPS issue via #639.

https://github.com/CrowdStrike/falcon-operator/releases/tag/v1.5.0

[mhyzon]

Given that 1.4.0 is broken, we stayed on 1.3.1. What is the recommended way to upgrade to 1.5.0? The automatic operator upgrade wants to go to 1.4.0. Do I have to uninstall 1.3.1 and then install 1.5.0 manually?