Bug 1882083
Summary: | OCP 4.5 Certificates not renewed | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Neil Girard <ngirard> |
Component: | kube-apiserver | Assignee: | Tomáš Nožička <tnozicka> |
Status: | CLOSED DUPLICATE | QA Contact: | Ke Wang <kewang> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.5 | CC: | aos-bugs, mfojtik, xxia |
Target Milestone: | --- | Keywords: | UpcomingSprint |
Target Release: | 4.7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-02 11:40:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Neil Girard
2020-09-23 18:40:49 UTC
We worked around the issue by doing the following: 1.) Generate new CSRs for each node. 2.) Regenerating new certs by hand in the following locations (expired certs): /etc/kubernetes/static-pod-resources/kube-apiserver-pod-x/secrets/kubelet-client /etc/kubernetes/static-pod-resources/kube-scheduler-certs/secrets/kube-scheduler-client-cert-key We are not sure why these certificates had expired. Still looking into probable causes. Auto regeneration of the two client keys failed and should be further investigated. *** This bug has been marked as a duplicate of bug 1881322 *** |