Description of problem:
Redeploying master certs does not redeploy and create a new /etc/origin/master/bootstrap.kubeconfig used when scaling up nodes.

Version-Release number of the following components:
openshift-ansible-3.11.123-1.git.0.db681ba.el7.noarch

How reproducible: 100%

Steps to Reproduce:
1. Redeploy CA
2. Redeploy master certs
3. Scale up adding new nodes

Actual results:
/etc/origin/master/bootstrap.kubeconfig is copied to new node containing incorrect old CA. Node fails to get added to cluster.

Expected results:
All associated files updated with ca when redeploy of master certs is run

Fixed in this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1652746

roles/openshift_control_plane/tasks/bootstrap.yml

---
# TODO: create a module for this command.
# oc_serviceaccounts_kubeconfig
- name: create service account kubeconfig with csr rights
  command: >
    {{ openshift_client_binary }} --config={{ openshift.common.config_base }}/master/admin.kubeconfig
    serviceaccounts create-kubeconfig {{ openshift_master_csr_sa }}
    -n {{ openshift_master_csr_namespace }}
  register: kubeconfig_out
  until: kubeconfig_out.rc == 0
  retries: 24
  delay: 5

- name: put service account kubeconfig into a file on disk for bootstrap
  copy:
    content: "{{ kubeconfig_out.stdout }}"
    dest: "/etc/origin/master/bootstrap.kubeconfig"

*** This bug has been marked as a duplicate of bug 1652746 ***

If the OpenShift Container Platform CA was redeployed with the openshift-master/redeploy-openshift-ca.yml playbook, you must add -e openshift_redeploy_openshift_ca=true to this command.
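
A check for the condition reported above, as an added example that is not part of the original bug report or of openshift-ansible: it tests whether the CA data embedded in a bootstrap.kubeconfig includes every certificate in the master's current CA file. The function names, the sample data and the choice of CA file to compare against are assumptions, and the kubeconfig is matched with a regex rather than a YAML parser.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CA_DATA_RE = re.compile(r"^[ \t]*certificate-authority-data:[ \t]*(\S+)", re.M)


def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM file or bundle."""
    prints = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        prints.add(hashlib.sha256(der).hexdigest())
    return prints


def kubeconfig_ca_fingerprints(kubeconfig_text):
    """Fingerprints of the CA certs embedded in each cluster entry."""
    prints = set()
    for b64 in CA_DATA_RE.findall(kubeconfig_text):
        prints |= pem_fingerprints(base64.b64decode(b64).decode("ascii"))
    return prints


def bootstrap_trusts_current_ca(kubeconfig_text, ca_pem_text):
    """True if every cert in the current CA file is embedded in the kubeconfig."""
    current = pem_fingerprints(ca_pem_text)
    if not current:
        raise ValueError("no certificate found in CA file")
    embedded = kubeconfig_ca_fingerprints(kubeconfig_text)
    if not embedded:
        raise ValueError("no certificate-authority-data in kubeconfig")
    return current <= embedded


def sample_pem(der):  # constructed sample data: wraps arbitrary bytes as PEM
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"


def sample_kubeconfig(ca_pem):  # constructed minimal kubeconfig fragment
    data = base64.b64encode(ca_pem.encode()).decode()
    return "clusters:\n- cluster:\n    certificate-authority-data: " + data + "\n"


if __name__ == "__main__":
    old, new = sample_pem(b"constructed-old-ca"), sample_pem(b"constructed-new-ca")
    print("stale file ok:", bootstrap_trusts_current_ca(sample_kubeconfig(old), new))
    print("fresh file ok:", bootstrap_trusts_current_ca(sample_kubeconfig(new), new))
```

On a master, pass the contents of /etc/origin/master/bootstrap.kubeconfig and of the current CA certificate file to `bootstrap_trusts_current_ca`; a `False` result before a node scale-up means the file predates the CA redeploy.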