Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1809944

Summary: openshift-apiserver degraded due to expired certificate errors
Product: OpenShift Container Platform
Reporter: Lukasz Szaszkiewicz <lszaszki>
Component: openshift-apiserver
Assignee: Lukasz Szaszkiewicz <lszaszki>
Status: CLOSED ERRATA
QA Contact: Xingxing Xia <xxia>
Severity: high
Docs Contact:
Priority: high
Version: 4.4
CC: aos-bugs, juzhao, mfojtik, spadgett, sttts, xxia
Target Milestone: ---
Keywords: Regression
Target Release: 4.5.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: 1805182
Environment:
  Version: 4.4.0-0.ci-2020-02-18-125517
  Cluster ID: f838b3e0-b021-45ad-9081-c4939ef384cb
  Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:73.0) Gecko/20100101 Firefox/73.0
Last Closed: 2020-07-13 17:17:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1805182

Comment 6 Xingxing Xia 2020-03-06 11:49:10 UTC
Verified in 4.5.0-0.nightly-2020-03-05-190442 env:
$ oc logs kube-apiserver-ip-10-0-139-77.us-east-2.compute.internal -n openshift-kube-apiserver -c kube-apiserver -f > kas-45.log # reported bug 1810997
In another terminal:
$ oc get po -n openshift-kube-apiserver -l apiserver --show-labels --watch
In a third terminal:
$ oc edit secret/aggregator-client -n openshift-kube-apiserver # remove auth.openshift.io/certificate-not-after and before
Then checked the above logs and found:
$ grep aggregator-clien kas-45.log
I0306 11:35:17.857384       1 dynamic_serving_content.go:111] Loaded a new cert/key pair for "aggregator-proxy-cert::/etc/kubernetes/static-pod-certs/secrets/aggregator-client/tls.crt::/etc/kubernetes/static-pod-certs/secrets/aggregator-client/tls.key"

Comment 8 errata-xmlrpc 2020-07-13 17:17:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409