Bug 1714158
Summary: | [DR][bare metal] Pod hang with container create error | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | zhou ying <yinzhou> | |
Component: | kube-apiserver | Assignee: | Tomáš Nožička <tnozicka> | |
Status: | CLOSED ERRATA | QA Contact: | zhou ying <yinzhou> | |
Severity: | medium | Docs Contact: | ||
Priority: | medium | |||
Version: | 4.1.0 | CC: | aos-bugs, jokerman, mfojtik, mmccomas, sttts, talessio, tnozicka, xxia | |
Target Milestone: | --- | |||
Target Release: | 4.1.z | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | If docs needed, set a value | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1745571 (view as bug list) | Environment: | ||
Last Closed: | 2019-09-20 12:29:24 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1745571, 1749271 | |||
Bug Blocks: |
Description
zhou ying
2019-05-27 09:25:49 UTC
This is apiserver with invalid certs. There seems to be a race between the recovery procedure and cert-sync and install processes which can overwrite the new certs with old ones. The workaround would be to run the procedure second time, starting with `regenerate-certs` and running all the following steps. Race fix will follow. That has raised some worries for David about merging it in short time frame, agreed on smaller change that should fix the most obvious races for cert-syncer https://github.com/openshift/cluster-kube-apiserver-operator/pull/487 (we should have that cert syncer fix anyways to avoid stale caches). already bumped with https://github.com/openshift/cluster-kube-apiserver-operator/pull/487#issuecomment-503060868 this isn't in 4.1 branch yet confirmed with latest payload 4.1.0-0.nightly-2019-09-09-223953, can't reproduce the issue. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2768 |