Bug 1784841 - CSR approval fails on IPv6-enabled AWS clusters
Summary: CSR approval fails on IPv6-enabled AWS clusters
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Cloud Compute
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.4.0
Assignee: Brad Ison
QA Contact: Jianwei Hou
Depends On:
Blocks: 1784847
TreeView+ depends on / blocked
Reported: 2019-12-18 12:46 UTC by Brad Ison
Modified: 2020-04-01 02:06 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1784847 (view as bug list)
Last Closed: 2020-04-01 02:06:52 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Brad Ison 2019-12-18 12:46:28 UTC
Description of problem:

IPv6 enabled clusters on AWS fail to have their CSRs automatically approved because:

- The AWS actuator does not include IPv6 addresses in the Machine status, which the cluster-machine-approver requires.

- The cluster-machine-approver fails to connect to IPv6 addresses to retrieve the current serving certificate.

Version-Release number of selected component (if applicable):

- 4.4

How reproducible:

- Always

Steps to Reproduce:
1. Create an IPv6 enabled AWS cluster.
2. Initial nodes are always approved during bootstrap.
3. Add a new node / machine by scaling a MachineSet up.
4. The new node will not have its CSR approved automatically.

Actual results:

- IPv6 enabled AWS nodes do not have certificates automatically approved.

Expected results:

- IPv6 enabled AWS nodes do have certificates automatically approved.

Additional info:

- IPv6 support is not yet finished, and only certain custom builds have it enabled.

Note You need to log in before you can comment on or make changes to this bug.