Bug 1821680

Summary: On recovery flow the csr-controller-ca isn't propagated to openshift-config-managed namespace
Product: OpenShift Container Platform Reporter: Tomáš Nožička <tnozicka>
Component: kube-controller-managerAssignee: Tomáš Nožička <tnozicka>
Status: CLOSED DUPLICATE QA Contact: zhou ying <yinzhou>
Severity: high Docs Contact:
Priority: high    
Version: 4.4CC: aos-bugs, maszulik, mfojtik, xxia, zyu
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1821683 (view as bug list) Environment:
Last Closed: 2020-05-05 07:02:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1817997, 1821683, 1827990    

Description Tomáš Nožička 2020-04-07 12:08:46 UTC
When recovering from expired certificates, the refreshed csr-controller-ca configmap needs to be propagated to openshift-config-managed namespace to be consumed by CKAO to trust the new client certs.

Comment 5 zhou ying 2020-04-14 07:34:01 UTC
Refer https://bugzilla.redhat.com/show_bug.cgi?id=1821680#c4, I think we could verify this issue now. tested with payload: 4.5.0-0.nightly-2020-04-12-180647

Comment 6 Tomáš Nožička 2020-05-04 14:58:03 UTC
*** Bug 1818420 has been marked as a duplicate of this bug. ***

Comment 7 Xingxing Xia 2020-05-05 07:02:10 UTC

*** This bug has been marked as a duplicate of bug 1818420 ***