CKCMO keeps updating the csr-signer although no change is needed. I0407 10:54:35.081638 298746 csrcontroller.go:167] CSRController sync done I0407 10:54:35.081699 298746 csrcontroller.go:128] Starting CSRController sync I0407 10:54:35.081791 298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed I0407 10:54:46.046043 298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null} I0407 10:54:46.230221 298746 csrcontroller.go:164] Refreshed CSRSigner. I0407 10:54:46.230237 298746 csrcontroller.go:167] CSRController sync done I0407 10:54:46.230250 298746 csrcontroller.go:128] Starting CSRController sync I0407 10:54:46.230249 298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed I0407 10:54:57.144311 298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null} I0407 10:54:57.323193 298746 csrcontroller.go:164] Refreshed CSRSigner. I0407 10:54:57.323220 298746 csrcontroller.go:167] CSRController sync done
Confirmed with payload: 4.5.0-0.nightly-2020-04-07-234835, the issue can't reproduced: oc logs -f po/kube-controller-manager-operator-6fc6f5957-wx22j I0408 06:53:53.088718 1 request.go:621] Throttling request took 1.164445911s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal I0408 07:03:53.032004 1 request.go:621] Throttling request took 1.108140055s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal I0408 07:13:52.947357 1 request.go:621] Throttling request took 1.015735836s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods?labelSelector=app%3Dinstaller I0408 07:21:01.185033 1 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"ee12da73-c49d-41d8-9728-87ce163eca87", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretCreated' Created Secret/csr-signer -n openshift-kube-controller-manager because it was missing
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409