Bug 1877234

Summary: Drop recovery apiserver
Product: OpenShift Container Platform Reporter: Tomáš Nožička <tnozicka>
Component: kube-apiserverAssignee: Tomáš Nožička <tnozicka>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: high Docs Contact:
Priority: high    
Version: 4.6CC: aos-bugs, kewang, mfojtik, sttts, xxia
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-10-27 16:39:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1710766    
Bug Blocks:    

Description Tomáš Nožička 2020-09-09 07:38:34 UTC 
We don't need recovery apiserver anymore with auto-recovery. We want to avoid customers accidentally running it and maintenance.
Comment 4 Xingxing Xia 2020-09-24 12:08:37 UTC 
In version that does not apply the dropping:
$ RELEASE_IMAGE=registry.svc.ci.openshift.org/ocp/release:4.5.0-0.nightly-2020-09-24-094317
$ KAO_IMAGE=$(oc adm release info ${RELEASE_IMAGE} --image-for=cluster-kube-apiserver-operator )
$ podman pull "${KAO_IMAGE}"
$ podman run -it --entrypoint=/usr/bin/cluster-kube-apiserver-operator "${KAO_IMAGE}" --help
...
Available Commands:
  ...
  recovery-apiserver
  regenerate-certificates
  ...

In version that merges the dropping, commands recovery-apiserver and regenerate-certificates are removed:
$ RELEASE_IMAGE=registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-09-24-111253
$ KAO_IMAGE=$(oc adm release info ${RELEASE_IMAGE} --image-for=cluster-kube-apiserver-operator )
$ podman pull "${KAO_IMAGE}"
...
Available Commands:
  cert-regeneration-controller Start the Cluster Certificate Regeneration Controller
  cert-syncer
  check-endpoints              Checks that a tcp connection can be opened to one or more endpoints.
  help                         Help about any command
  insecure-readyz              Proxy the /readyz endpoint insecurely on an HTTP port
  installer                    Install static pod and related resources
  operator                     Start the Cluster kube-apiserver Operator
  prune                        Prune static pod installer revisions
  render                       Render kubernetes API server bootstrap manifests, secrets and configMaps
  resource-graph               Provides an often out-dated snapshot of where resources come from.

Flags:
...

In version that merges the dropping, recent cert DR has no issue, e.g. 4.6.0-0.nightly-2020-09-17-073141 in 1880396#c0 DR test.
Comment 7 errata-xmlrpc 2020-10-27 16:39:14 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196