+++ This bug was initially created as a clone of Bug #1821689 +++ CKCMO keeps updating the csr-signer although no change is needed. I0407 10:54:35.081638 298746 csrcontroller.go:167] CSRController sync done I0407 10:54:35.081699 298746 csrcontroller.go:128] Starting CSRController sync I0407 10:54:35.081791 298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed I0407 10:54:46.046043 298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null} I0407 10:54:46.230221 298746 csrcontroller.go:164] Refreshed CSRSigner. I0407 10:54:46.230237 298746 csrcontroller.go:167] CSRController sync done I0407 10:54:46.230250 298746 csrcontroller.go:128] Starting CSRController sync I0407 10:54:46.230249 298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed I0407 10:54:57.144311 298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null} I0407 10:54:57.323193 298746 csrcontroller.go:164] Refreshed CSRSigner. I0407 10:54:57.323220 298746 csrcontroller.go:167] CSRController sync done
Confirmed with payload :4.4.0-0.nightly-2020-04-09-220855, the issue has fixed: 1) one terminal delete secrets : `oc delete secrets csr-signer -n openshift-kube-controller-manager` 2) on second terminal check logs from CKCMO: oc logs -f po/kube-controller-manager-operator-5f47c4d756-l8p8p -n openshift-kube-controller-manager-operator I0413 01:57:25.894786 1 event.go:281] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"22273bd2-2b95-426d-93bc-06f3191ab756", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'OperatorStatusChanged' Status for clusteroperator/kube-controller-manager changed: Degraded message changed from "NodeControllerDegraded: All master nodes are ready\nStaticPodsDegraded: nodes/ip-10-0-163-185.us-east-2.compute.internal pods/kube-controller-manager-ip-10-0-163-185.us-east-2.compute.internal container=\"cluster-policy-controller\" is not ready" to "NodeControllerDegraded: All master nodes are ready" I0413 06:26:54.336426 1 event.go:281] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"22273bd2-2b95-426d-93bc-06f3191ab756", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretCreated' Created Secret/csr-signer -n openshift-kube-controller-manager because it was missing
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0581