Bug 1784841

Summary: CSR approval fails on IPv6-enabled AWS clusters
Product: OpenShift Container Platform Reporter: Brad Ison <brad.ison>
Component: Cloud ComputeAssignee: Brad Ison <brad.ison>
Status: CLOSED EOL QA Contact: Jianwei Hou <jhou>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 4.4   
Target Milestone: ---   
Target Release: 4.4.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1784847 (view as bug list) Environment:
Last Closed: 2020-04-01 02:06:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1784847    

Description Brad Ison 2019-12-18 12:46:28 UTC
Description of problem:

IPv6 enabled clusters on AWS fail to have their CSRs automatically approved because:

- The AWS actuator does not include IPv6 addresses in the Machine status, which the cluster-machine-approver requires.

- The cluster-machine-approver fails to connect to IPv6 addresses to retrieve the current serving certificate.

Version-Release number of selected component (if applicable):

- 4.4

How reproducible:

- Always

Steps to Reproduce:
1. Create an IPv6 enabled AWS cluster.
2. Initial nodes are always approved during bootstrap.
3. Add a new node / machine by scaling a MachineSet up.
4. The new node will not have its CSR approved automatically.

Actual results:

- IPv6 enabled AWS nodes do not have certificates automatically approved.

Expected results:

- IPv6 enabled AWS nodes do have certificates automatically approved.

Additional info:

- IPv6 support is not yet finished, and only certain custom builds have it enabled.