This is a clone of Bug #1822200. This is the description of that bug:

Description of problem:
We deployed a cluster into an existing AWS VPC (eu-central). The VPC is enabled with enableDnsSupport, enableDnsHostnames and DHCP options are set to domain-name = aws.example.com; domain-name-servers = AmazonProvidedDNS;
After the deployment is ready the CSRs are not approved by the machine-approver.

Version-Release number of selected component (if applicable):
4.4 rc.6

How reproducible:
After the deployment is ready check CSRs

Steps to Reproduce:
1. Create VPC with all requirements https://docs.openshift.com/container-platform/4.3/installing/installing_aws/installing-aws-vpc.html#installation-custom-aws-vpc-requirements_installing-aws-vpc
2. Enable options enableDnsSupport and enableDnsHostnames for the VPC
3. Set up DHCP options to domain-name = aws.example.com; domain-name-servers = AmazonProvidedDNS;
4. Create a Route53 private zone aws.example.com and attach it to the VPC
5. Deploy the cluster into the existing VPC

Actual results:
CSRs are pending

Expected results:
CSRs are approved

Additional info:
We tracked down the issue to https://github.com/openshift/cluster-api-provider-aws/blob/release-4.4/pkg/actuators/machine/utils.go#L404-L408
The EC2 instance PrivateDNS points to ip-xx-xx-xx-xx.eu-central-1.compute.internal but the kubelet reads the hostname from the meta-data service (http://169.254.169.254/latest/meta-data/hostname) that will result in ip-xx-xx-xx-xx.eu-central-1.aws.example.com. The problem is that the Machine object has different addresses than the Node object and this causes the machine approver to reject the CSR.
*** This bug has been marked as a duplicate of bug 1833361 ***
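
The mismatch described in the report, as an added example that is not part of the original bug or the machine-approver's own code: a simplified check that compares the node name in a kubelet CSR common name against the DNS names recorded on the Machine. The `Address` type, the `checkCSR` function and the `ip-10-0-1-23` host are assumptions constructed for illustration; the domains are the ones from the report.

```go
package main

import (
	"fmt"
	"strings"
)

// Address is a simplified stand-in for one entry of a Machine's status addresses.
type Address struct{ Type, Value string }

// checkCSR compares the node name in a kubelet CSR common name
// ("system:node:<name>") with the DNS names recorded on the Machine.
// Simplified illustration; not the machine-approver's actual code.
func checkCSR(commonName string, machine []Address) (bool, string) {
	const prefix = "system:node:"
	if !strings.HasPrefix(commonName, prefix) || len(commonName) == len(prefix) {
		return false, "common name is not system:node:<name>"
	}
	node := strings.TrimPrefix(commonName, prefix)
	var known []string
	for _, a := range machine {
		if a.Type != "InternalDNS" && a.Type != "Hostname" {
			continue // IP addresses cannot match a node name
		}
		known = append(known, a.Value)
		if strings.EqualFold(a.Value, node) {
			return true, "node name matches Machine address " + a.Value
		}
	}
	return false, fmt.Sprintf("node %q not in Machine DNS names %v", node, known)
}

func main() {
	// Constructed sample: Machine addresses taken from the EC2 PrivateDnsName.
	machine := []Address{
		{"InternalIP", "10.0.1.23"},
		{"InternalDNS", "ip-10-0-1-23.eu-central-1.compute.internal"},
	}
	// First name: hostname from the metadata service with the custom DHCP
	// domain-name. Second name: what the Machine object actually records.
	for _, cn := range []string{
		"system:node:ip-10-0-1-23.eu-central-1.aws.example.com",
		"system:node:ip-10-0-1-23.eu-central-1.compute.internal",
	} {
		ok, why := checkCSR(cn, machine)
		fmt.Printf("approve=%v  %s\n", ok, why)
	}
}
```

The first CSR stays unapproved because the identity check fails closed on the name mismatch; the resolution is to make the Machine and Node names agree, not to loosen the comparison.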