We should get the insecure flag from provider config and default to secure connection if flag is missing https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/existing.html#single-vcenter Steps for QE: 1. oc edit cm cloud-provider-config -n openshift-config 2. Add port under Global section [Global] insecure-flag = "1"
VALIDATED on clusterversion : [miyadav@miyadav ~]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.5.0-0.nightly-2020-06-04-214605 True False 128m Cluster version is 4.5.0-0.nightly-2020-06-04-214605 Steps : Step1. Insecureflag already set in cm config , created new machineset [miyadav@miyadav ~]$ oc create -f machineset_insecureflag.yaml machineset.machine.openshift.io/miyadav-0605-5lrtj-worker-insec created [miyadav@miyadav ~]$ oc get machines -o wide NAME PHASE TYPE REGION ZONE AGE NODE PROVIDERID STATE miyadav-0605-5lrtj-master-0 Running 60m miyadav-0605-5lrtj-master-0 vsphere://420b6d2b-9677-77be-9fb2-701008877eaa poweredOn miyadav-0605-5lrtj-master-1 Running 60m miyadav-0605-5lrtj-master-1 vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2 poweredOn miyadav-0605-5lrtj-master-2 Running 60m miyadav-0605-5lrtj-master-2 vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34 poweredOn miyadav-0605-5lrtj-worker-insec-jzcld Provisioned 8s vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4 poweredOn miyadav-0605-5lrtj-worker-qbj8s Running 53m miyadav-0605-5lrtj-worker-qbj8s vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9 poweredOn miyadav-0605-5lrtj-worker-z7s6j Running 53m miyadav-0605-5lrtj-worker-z7s6j vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24 poweredOn [miyadav@miyadav ~]$ oc get machines -o wide NAME PHASE TYPE REGION ZONE AGE NODE PROVIDERID STATE miyadav-0605-5lrtj-master-0 Running 63m miyadav-0605-5lrtj-master-0 vsphere://420b6d2b-9677-77be-9fb2-701008877eaa poweredOn miyadav-0605-5lrtj-master-1 Running 63m miyadav-0605-5lrtj-master-1 vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2 poweredOn miyadav-0605-5lrtj-master-2 Running 63m miyadav-0605-5lrtj-master-2 vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34 poweredOn miyadav-0605-5lrtj-worker-insec-jzcld Running 2m41s miyadav-0605-5lrtj-worker-insec-jzcld vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4 poweredOn miyadav-0605-5lrtj-worker-qbj8s Running 55m miyadav-0605-5lrtj-worker-qbj8s vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9 poweredOn miyadav-0605-5lrtj-worker-z7s6j Running 55m miyadav-0605-5lrtj-worker-z7s6j vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24 poweredOn Machine scaled properly [miyadav@miyadav ~]$ oc scale machineset miyadav-0605-5lrtj-worker-insec --replicas=2 [miyadav@miyadav ~]$ oc get machines -o wide NAME PHASE TYPE REGION ZONE AGE NODE PROVIDERID STATE miyadav-0605-5lrtj-master-0 Running 76m miyadav-0605-5lrtj-master-0 vsphere://420b6d2b-9677-77be-9fb2-701008877eaa poweredOn miyadav-0605-5lrtj-master-1 Running 76m miyadav-0605-5lrtj-master-1 vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2 poweredOn miyadav-0605-5lrtj-master-2 Running 76m miyadav-0605-5lrtj-master-2 vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34 poweredOn miyadav-0605-5lrtj-worker-insec-jzcld Running 16m miyadav-0605-5lrtj-worker-insec-jzcld vsphere://420b384c-59c0-c9e9-b93a-d1daf6562ff4 poweredOn miyadav-0605-5lrtj-worker-insec-w89r6 Running 5m34s miyadav-0605-5lrtj-worker-insec-w89r6 vsphere://420b0c88-743e-19bf-0a59-4c30830c34ba poweredOn miyadav-0605-5lrtj-worker-qbj8s Running 69m miyadav-0605-5lrtj-worker-qbj8s vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9 poweredOn miyadav-0605-5lrtj-worker-z7s6j Running 69m miyadav-0605-5lrtj-worker-z7s6j vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24 poweredOn machine scaled down properly [miyadav@miyadav ~]$ oc scale machineset miyadav-0605-5lrtj-worker-insec --replicas=1 machineset.machine.openshift.io/miyadav-0605-5lrtj-worker-insec scaled [miyadav@miyadav ~]$ oc get machines -o wide NAME PHASE TYPE REGION ZONE AGE NODE PROVIDERID STATE miyadav-0605-5lrtj-master-0 Running 78m miyadav-0605-5lrtj-master-0 vsphere://420b6d2b-9677-77be-9fb2-701008877eaa poweredOn miyadav-0605-5lrtj-master-1 Running 78m miyadav-0605-5lrtj-master-1 vsphere://420b654d-12b7-7f62-7b98-dc357b9b2db2 poweredOn miyadav-0605-5lrtj-master-2 Running 78m miyadav-0605-5lrtj-master-2 vsphere://420bdc02-735b-5397-bbc0-a13520dc9a34 poweredOn miyadav-0605-5lrtj-worker-insec-w89r6 Running 7m35s miyadav-0605-5lrtj-worker-insec-w89r6 vsphere://420b0c88-743e-19bf-0a59-4c30830c34ba poweredOn miyadav-0605-5lrtj-worker-qbj8s Running 71m miyadav-0605-5lrtj-worker-qbj8s vsphere://420b0a4e-11ad-efae-7c08-079052f33dd9 poweredOn miyadav-0605-5lrtj-worker-z7s6j Running 71m miyadav-0605-5lrtj-worker-z7s6j vsphere://420b2f9c-8ee4-9c52-be3e-f33a51167f24 poweredOn Additional info : When the flag was deleted from the cm config(port set to 443) , got below error in logs to show that it defaulted to secure connection E0605 08:25:14.753032 1 controller.go:272] miyadav-0605-5lrtj-worker-insec-thxwf: failed to check if machine exists: miyadav-0605-5lrtj-worker-insec-thxwf: failed to create scope for machine: failed to create vSphere session: error setting up new vSphere SOAP client: Post https://vcsa-qe.vmware.devcluster.openshift.com:443/sdk: x509: certificate signed by unknown authority when set the flag insecure-flag = "1" machine provisioned successfully and no errors
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2409