Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1821689

Summary: When changed CSR signer hot loops on update
Product: OpenShift Container Platform Reporter: Tomáš Nožička <tnozicka>
Component: kube-controller-managerAssignee: Tomáš Nožička <tnozicka>
Status: CLOSED ERRATA QA Contact: zhou ying <yinzhou>
Severity: medium Docs Contact:
Priority: high    
Version: 4.4CC: aos-bugs, maszulik, mfojtik
Target Milestone: ---   
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
: 1821690 (view as bug list) Environment:
Last Closed: 2020-07-13 17:26:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1821690    

Description Tomáš Nožička 2020-04-07 12:23:43 UTC 
CKCMO keeps updating the csr-signer although no change is needed.

I0407 10:54:35.081638  298746 csrcontroller.go:167] CSRController sync done
I0407 10:54:35.081699  298746 csrcontroller.go:128] Starting CSRController sync
I0407 10:54:35.081791  298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed
I0407 10:54:46.046043  298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null}
I0407 10:54:46.230221  298746 csrcontroller.go:164] Refreshed CSRSigner.
I0407 10:54:46.230237  298746 csrcontroller.go:167] CSRController sync done
I0407 10:54:46.230250  298746 csrcontroller.go:128] Starting CSRController sync
I0407 10:54:46.230249  298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed
I0407 10:54:57.144311  298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null}
I0407 10:54:57.323193  298746 csrcontroller.go:164] Refreshed CSRSigner.
I0407 10:54:57.323220  298746 csrcontroller.go:167] CSRController sync done
Comment 4 zhou ying 2020-04-08 07:24:54 UTC 
Confirmed with payload: 4.5.0-0.nightly-2020-04-07-234835, the issue can't reproduced:

oc logs -f po/kube-controller-manager-operator-6fc6f5957-wx22j

I0408 06:53:53.088718       1 request.go:621] Throttling request took 1.164445911s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal
I0408 07:03:53.032004       1 request.go:621] Throttling request took 1.108140055s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal
I0408 07:13:52.947357       1 request.go:621] Throttling request took 1.015735836s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods?labelSelector=app%3Dinstaller
I0408 07:21:01.185033       1 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"ee12da73-c49d-41d8-9728-87ce163eca87", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretCreated' Created Secret/csr-signer -n openshift-kube-controller-manager because it was missing
Comment 5 errata-xmlrpc 2020-07-13 17:26:04 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409