Bug 1710766 - RFE: Provide admin kubeconfig master filesystem
Summary: RFE: Provide admin kubeconfig master filesystem
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.1.0
Hardware: Unspecified
OS: Unspecified
low
high
Target Milestone: ---
: 4.6.0
Assignee: Tomáš Nožička
QA Contact: Xingxing Xia
URL:
Whiteboard: LifecycleReset
Depends On:
Blocks: 1877234
TreeView+ depends on / blocked
 
Reported: 2019-05-16 09:30 UTC by Tomáš Nožička
Modified: 2023-12-15 16:30 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 15:54:19 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-apiserver-operator pull 858 0 None closed Bug 1710766: Add kubeconfigs to masters 2021-02-16 11:00:42 UTC
Github openshift origin pull 25453 0 None closed Bug 1710766: Add e2e form kubeconfigs on masters 2021-02-16 11:00:42 UTC
Red Hat Bugzilla 1660273 0 urgent CLOSED Nextgen installer should pre-set stable file path for admin kubeconfig on master nodes 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1909597 1 high CLOSED [Docs] Need Documentation for using admin kubeconfigs in master nodes for recovery 2023-09-15 00:56:30 UTC
Red Hat Knowledge Base (Solution) 6112601 0 None None None 2021-06-10 16:42:59 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 15:54:36 UTC

Description Tomáš Nožička 2019-05-16 09:30:50 UTC
When I ssh to a master and want to test/use the local apiserver there is no kubeconfig present.

It would really help for debugging and recovery if we would provide one.

Could also help with a recovery when user deletes his dir from installer, yet he has a cluster without credentials.

Comment 2 Miheer Salunke 2019-12-10 07:29:47 UTC
Some discussion in the upstream  refer comment -> https://bugzilla.redhat.com/show_bug.cgi?id=1660273#c5

Comment 4 Tomáš Nožička 2020-05-20 08:45:26 UTC
This bug is actively worked on.

Comment 6 Tomáš Nožička 2020-06-18 09:13:52 UTC
This bug is actively worked on.

Comment 9 Michal Fojtik 2020-08-20 11:47:31 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

Comment 10 Michal Fojtik 2020-08-24 08:32:35 UTC
The LifecycleStale keyword was removed because the bug got commented on recently.
The bug assignee was notified.

Comment 11 Michal Fojtik 2020-08-24 10:40:36 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant.

Comment 12 Michal Fojtik 2020-08-24 17:17:20 UTC
The LifecycleStale keyword was removed because the bug got commented on recently.
The bug assignee was notified.

Comment 15 Ke Wang 2020-09-16 02:39:30 UTC
Verification steps:

$ oc version
Client Version: 4.6.0-202009040605.p0-f2a4a03
Server Version: 4.6.0-0.nightly-2020-09-15-063156
Kubernetes Version: v1.19.0+35ab7c5

$ oc debug node/<master node>

sh-4.4# chroot /host

sh-4.4# pwd
/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs

sh-4.4# ls
lb-ext.kubeconfig  lb-int.kubeconfig  localhost-recovery.kubeconfig  localhost.kubeconfig

sh-4.4# export KUBECONFIG=`pwd`/localhost.kubeconfig
sh-4.4# oc get nodes
NAME                        STATUS   ROLES    AGE   VERSION
kewang1565-9n24f-master-0   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-1   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-2   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-0   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-1   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-2   Ready    worker   14h   v1.19.0+35ab7c5

sh-4.4# export KUBECONFIG=`pwd`/localhost-recovery.kubeconfig
sh-4.4# oc get nodes
NAME                        STATUS   ROLES    AGE   VERSION
kewang1565-9n24f-master-0   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-1   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-2   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-0   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-1   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-2   Ready    worker   14h   v1.19.0+35ab7c5

sh-4.4# export KUBECONFIG=`pwd`/lb-int.kubeconfig            
sh-4.4# oc get nodes
NAME                        STATUS   ROLES    AGE   VERSION
kewang1565-9n24f-master-0   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-1   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-2   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-0   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-1   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-2   Ready    worker   14h   v1.19.0+35ab7c5

sh-4.4# export KUBECONFIG=`pwd`/lb-ext.kubeconfig
sh-4.4# oc get nodes
NAME                        STATUS   ROLES    AGE   VERSION
kewang1565-9n24f-master-0   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-1   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-master-2   Ready    master   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-0   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-1   Ready    worker   14h   v1.19.0+35ab7c5
kewang1565-9n24f-worker-2   Ready    worker   14h   v1.19.0+35ab7c5

kubeconfigs work as expected, move the bug verified.

Comment 18 errata-xmlrpc 2020-10-27 15:54:19 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.