Bug 1731105 - `oc explain apiserver.spec.servingCerts` still explains defaultServingCertificate
Summary: `oc explain apiserver.spec.servingCerts` still explains defaultServingCertifi...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.1.z
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.2.0
Assignee: Mike Dame
QA Contact: Xingxing Xia
Depends On:
Blocks: 1732934
TreeView+ depends on / blocked
Reported: 2019-07-18 10:02 UTC by Xingxing Xia
Modified: 2019-10-16 06:30 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1732934 (view as bug list)
Last Closed: 2019-10-16 06:29:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-config-operator pull 70 0 None closed Use new crd-schema-gen in Makefile 2020-07-02 20:28:06 UTC
Red Hat Product Errata RHBA-2019:2922 0 None None None 2019-10-16 06:30:07 UTC

Description Xingxing Xia 2019-07-18 10:02:29 UTC
Description of problem:
`oc explain apiserver.spec.servingCerts` still explains defaultServingCertificate. Per the PRs [1] of https://bugzilla.redhat.com/show_bug.cgi?id=1728754 , the struct removed it. So oc explain should not show it either.
[1] See https://github.com/openshift/api/pull/375/files

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.1.0-0.nightly-2019-07-18-023612   True        False         5h55m   Cluster version is 4.1.0-0.nightly-2019-07-18-023612

oc explain apiserver.spec.servingCerts
oc explain apiserver.spec.servingCerts.defaultServingCertificate
KIND:     APIServer
VERSION:  config.openshift.io/v1

RESOURCE: defaultServingCertificate <Object>

     defaultServingCertificate references a kubernetes.io/tls type secret
     containing the default TLS cert info for serving secure traffic. If no
     named certificates match the server name as understood by a client, this
     default certificate will be used. If defaultServingCertificate is not
     specified, then a operator managed certificate will be used. The secret
     must exist in the openshift-config namespace and contain the following
     required fields: - Secret.Data["tls.key"] - TLS private key. -
     Secret.Data["tls.crt"] - TLS certificate.

   name <string>
     name is the metadata.name of the referenced secret

Actual results:
2. The commands still show defaultServingCertificate

Expected results:
2. Should not show.

Additional info:

Comment 1 Mike Dame 2019-07-23 18:39:58 UTC
Tested in 4.2.0-0.okd-2019-07-22-195548 and this seems to be fixed, do we want to backport to 4.1.z as well? I believe this was fixed in https://github.com/openshift/cluster-config-operator/pull/70/commits/5619a4030da17bb26b88253ed4fdf8903500d5ff#diff-0564744bb4a0a4f26e8a117917c9273eL66

Comment 2 Mike Dame 2019-07-23 20:20:10 UTC
PR to backport: https://github.com/openshift/cluster-config-operator/pull/75

Comment 3 Xingxing Xia 2019-07-24 06:58:10 UTC
Verified in 4.2.0-0.nightly-2019-07-24-000310 env. Issue fixed.
(In reply to Mike Dame from comment #1)
> do we want to backport to 4.1.z as well?
It is fine to do that. Will check again once 4.1 PR merged. Thank you :)

Comment 4 Eric Paris 2019-07-24 14:17:21 UTC
Bugs should be first fixed in 4.2. This bug should be cloned and the cloned bug should have target release 4.1.z.

Comment 6 Mike Dame 2019-07-24 18:26:03 UTC
Cloned here: https://bugzilla.redhat.com/show_bug.cgi?id=1732934

Comment 7 errata-xmlrpc 2019-10-16 06:29:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.