Description of problem: When node-config.yaml has the following configuration: feature-gates: - RotateKubeletClientCertificate=true - RotateKubeletServerCertificate=true The node service does not set rotate-server-certificates equal to true instead logs show the following: FLAG: --rotate-server-certificates="false" Version-Release number of selected component (if applicable): v3.11.16 How reproducible: 100% Steps to Reproduce: 1. Set node-config to the following for feature-gates feature-gates: - RotateKubeletClientCertificate=true - RotateKubeletServerCertificate=true Actual results: atomic-openshift-node[15600]: I1119 11:55:26.681107 15600 flags.go:27] FLAG: --rotate-certificates="true" atomic-openshift-node[15600]: I1119 11:55:26.681114 15600 flags.go:27] FLAG: --rotate-server-certificates="false" Expected results: atomic-openshift-node[15600]: I1119 11:55:26.681107 15600 flags.go:27] FLAG: --rotate-certificates="true" atomic-openshift-node[15600]: I1119 11:55:26.681114 15600 flags.go:27] FLAG: --rotate-server-certificates="true" Additional info: The following config still works: feature-gates: - RotateKubeletClientCertificate=true,RotateKubeletServerCertificate=true
Adding: kubeletArguments: rotate-server-certificates: - 'true' Allows for the following configuration to work: kubeletArguments: rotate-server-certificates: - 'true' feature-gates: - RotateKubeletClientCertificate=true - RotateKubeletServerCertificate=true With out rotate-server-certificates set to true, the above configuration does not set it to true. https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node_group/templates/node-config.yaml.j2#L38
*** Bug 1656355 has been marked as a duplicate of this bug. ***
The feature-gates are intended to be a one-liner (example: https://docs.openshift.com/container-platform/3.11/install_config/configuring_local.html#local-volume-raw-block-devices). This is working as expected.
https://github.com/openshift/openshift-docs/pull/14347
Checked and the changes for the doc can be approved, so move to verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0794