Description of problem:
----------------------
On a freshly deployed cluster with 4.8.0, I saw no certificate-related objects in HCO CR. In HCO CRD there are default values.

Steps to Reproduce:
------------------
1. oc get hyperconvergeds -n openshift-cnv kubevirt-hyperconverged -oyaml
2. oc get crd hyperconvergeds.hco.kubevirt.io -oyaml

Actual results:
--------------
1. no cert-related objects.
2. cert objects and fields and defaults exist.

Expected results:
----------------
HCO CR should include defaults.

Additional info:
---------------
[cnv-qe-jenkins@besso-48-ds5wj-executor ~]$ oc version
Client Version: 4.8.0-202103210459.p0-1054107
Server Version: 4.8.0-0.nightly-2021-03-22-104536
Kubernetes Version: v1.20.0+39c0afe
[cnv-qe-jenkins@besso-48-ds5wj-executor ~]$
I verified with osbs registry-proxy.engineering.redhat.com/rh-osbs/iib:68396. This time the HCO CRD had spec description:

certConfig:
  default:
    ca:
      duration: 48h
      renewBefore: 24h
    server:
      duration: 24h
      renewBefore: 12h
  description: certConfig holds the rotation policy for internal, self-signed certificates
  properties:
    ca:
      default:
        duration: 48h
        renewBefore: 24h
      description: CA configuration - CA certs are kept in the CA bundle as long as they are valid
      properties:
        duration:
          description: The requested 'duration' (i.e. lifetime) of the Certificate. This should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
          type: string
        renewBefore:
          description: The amount of time before the currently issued certificate's `notAfter` time that we will begin to attempt to renew the certificate. This should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
          type: string
      type: object
    server:
      default:
        duration: 24h
        renewBefore: 12h
      description: Server configuration - Certs are rotated and discarded
      properties:
        duration:
          description: The requested 'duration' (i.e. lifetime) of the Certificate. This should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
          type: string
        renewBefore:
          description: The amount of time before the currently issued certificate's `notAfter` time that we will begin to attempt to renew the certificate. This should comply with golang's ParseDuration format (https://golang.org/pkg/time/#ParseDuration)
          type: string
      type: object
  type: object

Moving to VERIFIED.
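An added Go example (not code from HCO or from this report): it models the object-level defaults shown in the CRD above and parses both fields with time.ParseDuration, as the schema descriptions require. The type and function names are hypothetical, and the check that renewBefore is shorter than duration is an assumed sanity rule, not something the schema states.

```go
package main

import (
	"fmt"
	"time"
)

// CertPolicy mirrors one duration/renewBefore pair from the CRD schema.
type CertPolicy struct{ Duration, RenewBefore string }

// Object-level defaults copied from the CRD shown on this page.
var (
	DefaultCA     = CertPolicy{"48h", "24h"}
	DefaultServer = CertPolicy{"24h", "12h"}
)

// Effective models object-level defaulting: the default is used only when
// the whole ca/server object is absent; a partial object is left unfilled.
func Effective(p *CertPolicy, def CertPolicy) CertPolicy {
	if p == nil {
		return def
	}
	return *p
}

// Validate returns the lifetime and the offset after issuance at which renewal starts.
func Validate(p CertPolicy) (time.Duration, time.Duration, error) {
	d, err := time.ParseDuration(p.Duration)
	if err != nil {
		return 0, 0, fmt.Errorf("duration %q: %w", p.Duration, err)
	}
	r, err := time.ParseDuration(p.RenewBefore)
	if err != nil {
		return 0, 0, fmt.Errorf("renewBefore %q: %w", p.RenewBefore, err)
	}
	// Assumed sanity rule (not from the page): renewal starts inside the lifetime.
	if d <= 0 || r <= 0 || r >= d {
		return 0, 0, fmt.Errorf("renewBefore %s must be positive and shorter than duration %s", r, d)
	}
	return d, d - r, nil
}

func main() {
	// Constructed inputs: absent object, unit "d" (not valid for ParseDuration), partial object.
	for _, p := range []*CertPolicy{nil, {"2d", "12h"}, {Duration: "6h"}} {
		life, renewAt, err := Validate(Effective(p, DefaultServer))
		fmt.Println(life, renewAt, err)
	}
}
```

ParseDuration has no day unit, so a value such as "2d" is rejected, and a server object that sets only duration is not completed from the object-level default.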
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.8.0 Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2920