Bug 1825983 - KCM doesn't get new client certs on recovery flow
Summary: KCM doesn't get new client certs on recovery flow
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-controller-manager
Version: 4.5
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.5.0
Assignee: Tomáš Nožička
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks: 1825987 1827989
TreeView+ depends on / blocked
 
Reported: 2020-04-20 15:59 UTC by Tomáš Nožička
Modified: 2020-07-13 17:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1825987 1827989 (view as bug list)
Environment:
Last Closed: 2020-07-13 17:29:09 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-controller-manager-operator pull 400 0 None closed Bug 1825983: Sync new client cert-key on recovery 2020-10-20 10:40:56 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:29:23 UTC

Description Tomáš Nožička 2020-04-20 15:59:18 UTC
On recovery flow, KASO regenerate certificates routine create new KCM client certs in openshift-config-managed namespace. We need to sync them to openshift-kube-controller-manager namespace so cert syncer can sync them to disk to be live-reloaded.

Comment 3 zhou ying 2020-04-26 06:37:56 UTC
Confrimed with payload: 4.5.0-0.nightly-2020-04-24-231436, the issue has fixed:

[root@dhcp-140-138 scripts]# ./check_secrets_experts.sh 
2020-04-26T03:57:18Z  2020-04-26T15:57:19Z  openshift-config-managed	kube-controller-manager-client-cert-key
...
2020-04-26T03:57:18Z  2020-04-26T15:57:19Z  openshift-kube-controller-manager	kube-controller-manager-client-cert-key

Comment 4 errata-xmlrpc 2020-07-13 17:29:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.