Bug 1747183 - machine-approver cannot rebootstrap on a cluster with expired kubelet client credentials
Summary: machine-approver cannot rebootstrap on a cluster with expired kubelet client ...
Keywords:
Status: CLOSED DUPLICATE of bug 1737611
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.2.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Jan Chaloupka
QA Contact: Jianwei Hou
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-08-29 20:15 UTC by David Eads
Modified: 2019-09-04 10:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-09-04 10:25:31 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description David Eads 2019-08-29 20:15:35 UTC 
I'm looking for the cloud team which I think picked up the machine-approver. It is not owned by auth.

Even with a valid bootstrap credential (see https://bugzilla.redhat.com/show_bug.cgi?id=1735180 and https://github.com/openshift/machine-config-operator/pull/1027), the CSR is never approved unless the machine-approver is already running.  This isn't always the case, consider resuming a cluster's VMs.

The current workaround is to manually approve. I find this to be a reasonable short-term workaround, but it probably needs to be documented.
Comment 1 David Eads 2019-08-29 20:22:59 UTC 
this is the command I used. `oc get csr -oname | xargs oc adm certificate approve`
Comment 2 Alberto 2019-09-04 10:25:31 UTC 

*** This bug has been marked as a duplicate of bug 1737611 ***
Note You need to log in before you can comment on or make changes to this bug.