Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1780252

Summary: API server is sending thousands of errors about removing user-serving-cert secret
Product: OpenShift Container Platform Reporter: Rob Szumski <rszumski>
Component: kube-apiserverAssignee: Michal Fojtik <mfojtik>
Status: CLOSED ERRATA QA Contact: Ke Wang <kewang>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.2.zCC: aos-bugs, arghosh, christian.grundmann, clasohm, dsh, jokerman, jreimann, mfojtik, nagrawal, sttts, susuresh, xxia
Target Milestone: ---   
Target Release: 4.2.z   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-06-03 09:26:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1772190    
Bug Blocks:    
Attachments:
Description Flags
Console event screen with Pod events none

Description Rob Szumski 2019-12-05 15:14:13 UTC 
Created attachment 1642407 [details]
Console event screen with Pod events

Description of problem:
Upon upgrade to 4.2.9, I am starting to see thousands of duplicate events about a user-serving-cert being removed. These are emitted by cert-syncer-cert-sync-controller from the API server Pod.

`Removed file for secret: /%!(EXTRA *errors.StatusError=secrets "user-serving-cert" not found)`

Version-Release number of selected component (if applicable): 4.2.9


How reproducible:
Upgprade to 4.2.9 without setting any configuration related to user serving certs

Steps to Reproduce:
1.
2.
3.

Actual results:
Thousands of events

Expected results:
No events

Additional info:
Comment 3 Michal Fojtik 2020-05-05 07:50:33 UTC 
This was backported in https://github.com/openshift/library-go/pull/629

Moving to MODIFIED.
Comment 6 Ke Wang 2020-05-08 07:40:39 UTC 
Per PR https://github.com/openshift/library-go/pull/629, do the following verification with OCP env 4.2.0-0.nightly-2020-05-03-213251,

$  oc get events |grep -i "Removed file for secret"

Nothing found. So move the bug verified.
Comment 7 Ke Wang 2020-05-08 08:11:26 UTC 
Found a similar PR https://github.com/openshift/cluster-kube-apiserver-operator/pull/766 included this PR 629 before.

$ git log --date local --pretty="%h %an %cd - %s" 1224485 | grep '#766'
9c8727ea OpenShift Merge Robot Thu Feb 20 10:03:10 2020 - Merge pull request #766 from mfojtik/bump-library-go-42
Comment 9 errata-xmlrpc 2020-06-03 09:26:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2307