Bug 1939278 - Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated
Summary: Backport Avoid node disruption when kube-apiserver-to-kubelet-signer is rotated
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.7
Hardware: All
OS: Linux
high
urgent
Target Milestone: ---
: 4.7.z
Assignee: Yu Qi Zhang
QA Contact: Michael Nguyen
URL:
Whiteboard:
Depends On: 1921894
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-03-15 22:15 UTC by Yu Qi Zhang
Modified: 2021-03-30 23:58 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1921894
Environment:
Last Closed: 2021-03-30 04:46:37 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 2464 0 None open Bug 1939278: Backport kubelet CA no-drain rotation 2021-03-16 20:53:22 UTC
Red Hat Product Errata RHSA-2021:0957 0 None None None 2021-03-30 04:46:56 UTC

Comment 3 Michael Nguyen 2021-03-22 13:56:15 UTC
Verified on 4.7.0-0.nightly-2021-03-22-025559.  Kubelet cert rotation does not cause any reboots and updates in about a minute.

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2021-03-22-025559   True        False         27m     Cluster version is 4.7.0-0.nightly-2021-03-22-025559

Comment 5 errata-xmlrpc 2021-03-30 04:46:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.4 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0957


Note You need to log in before you can comment on or make changes to this bug.