Description of problem:
After standing up a new 4.2 integration cluster, for our starter environments, we attempted to apply our new certificates and this led to the cluster falling into a degraded state. The symptoms we observed were:
- all the worker nodes were marked as NotReady
- the kubelet logs showed lots of "unauthorizied" and "invalid certificate" errors
- Multiple cluster operators were flagged as degraded
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.2.0-0.nightly-2019-08-29-062233 True False 13h Cluster version is 4.2.0-0.nightly-2019-08-29-062233
Unknown. This happened on the very first 4.2 cluster we stood up.
Steps to Reproduce:
1. Install the latest 4.2 nightly build
2. Apply new certificates to the cluster
The cluster became degraded and unable to proceed with applying the custom certificates and ultimately became unusable.
The cluster operators should be able to apply custom certificates without degrading the system to an unusable state
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.