Bug 1880853 - OperatorPKI has no description in `oc explain` output
Summary: OperatorPKI has no description in `oc explain` output
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.0
Assignee: Juan Luis de Sousa-Valadas
QA Contact: zhaozhanqi
Depends On:
TreeView+ depends on / blocked
Reported: 2020-09-20 16:57 UTC by Jason Boxman
Modified: 2020-10-27 16:43 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2020-10-27 16:42:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-network-operator pull 798 0 None open Bug 1880853: Fix oc explain for operatorPKI 2020-09-21 15:50:14 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:43:15 UTC

Description Jason Boxman 2020-09-20 16:57:21 UTC
Description of problem:

I'm not actually sure if OperatorPKI should be exposed to users? But it appears in `oc api-resources` output, and each CRD in that output ideally provides API information when a user enters `oc explain <CRD>`.

How reproducible:


Steps to Reproduce:

`oc explain OperatorPKI`

Actual results:

KIND:     OperatorPKI
VERSION:  network.operator.openshift.io/v1


Expected results:

A description of what this CRD is for.

Additional info:

I haven't gotten the impression that this CRD is relevant to a user; Is it possible to remove it from the list of advertised APIs? To date, I've only seen `Network.operator` and `Network.config` as user-facing. I'm unfamiliar with the OperatorPKI CRD.

(I'm not sure what is the proper sub-component for this BZ.)

Comment 2 zhaozhanqi 2020-09-24 03:35:01 UTC
Verified this bug on 4.6.0-0.nightly-2020-09-23-022756

 oc explain OperatorPKI
KIND:     OperatorPKI
VERSION:  network.operator.openshift.io/v1

     OperatorPKI is a simple certificate authority. It is not intended for
     external use - rather, it is internal to the network operator. The CNO
     creates a CA and a certificate signed by that CA. The certificate has both
     ClientAuth and ServerAuth extended usages enabled. More specifically, given
     an OperatorPKI with <name>, the CNO will manage: - A Secret called
     <name>-ca with two data keys: - tls.key - the private key - tls.crt - the
     CA certificate - A ConfigMap called <name>-ca with a single data key: -
     cabundle.crt - the CA certificate(s) - A Secret called <name>-cert with two
     data keys: - tls.key - the private key - tls.crt - the certificate, signed
     by the CA The CA certificate will have a validity of 10 years, rotated
     after 9. The target certificate will have a validity of 6 months, rotated
     after 3 The CA certificate will have a CommonName of
     "<namespace>_<name>-ca@<timestamp>", where <timestamp> is the last rotation

   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:

   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:

   metadata	<Object>
     Standard object's metadata. More info:

   spec	<Object> -required-
     OperatorPKISpec is the PKI configuration.

   status	<map[string]>
     OperatorPKIStatus is not implemented.

Comment 5 errata-xmlrpc 2020-10-27 16:42:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.