Bug 2039344

Summary: When dual-stack is enabled, etcd operator goes degraded as the node receives an additional IPv6 address
Product: OpenShift Container Platform
Reporter: Michal Fojtik <mfojtik>
Component: Etcd
Assignee: Allen Ray <alray>
Status: CLOSED NOTABUG
QA Contact: Pedro Amoedo <pamoedom>
Severity: high
Priority: unspecified
Version: 4.8
CC: alray, pamoedom, vlaad, wking
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Last Closed: 2022-01-21 21:12:06 UTC
Type: Bug
Bug Blocks: 2040092    

Description Michal Fojtik 2022-01-11 14:25:16 UTC
Description of problem:

After dual-stack is enabled in the cluster, the etcd operator will go degraded as it checks the validity of the current certs against the node IPs. Since the node receives a new IPv6 IP, the check will fail, because the certificate is not valid for that IP...

There are two options: we either regenerate the certificates and include the additional IPv6 address in the cert, OR we just skip the IPv6 address, because we don't really need it for internal communication (IPv4 is still working).

xref: https://bugzilla.redhat.com/show_bug.cgi?id=2039235

Version-Release number of selected component (if applicable):

4.10 (but will require backport down to 4.8)

Steps to Reproduce:
1. enable dual-stack
2. watch etcd go degraded on certificate check

Actual results:


Expected results:


Additional info:

Comment 4 Scott Dodson 2022-01-18 19:43:09 UTC
We should be setting the Version to the version we believe first introduced or have confirmed the problem exists in and intend to fix. Target version gets set to the relevant branch where it's being fixed. This ensures that even looking just at the bug metadata it's clear which version range is affected.