Bug 1954129 - [ceo] Operator goes degraded when a second internal node ip is added after install
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Etcd
Version: 4.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.8.0
Assignee: Maru Newby
QA Contact: ge liu
Depends On:
Blocks: 1954121 1957640 2007698
Reported: 2021-04-27 15:58 UTC by Maru Newby
Modified: 2023-09-15 01:05 UTC

Clone Of: 1954121
Last Closed: 2021-05-06 17:51:47 UTC


System: Github
ID: openshift cluster-etcd-operator pull 540
Private: 0
Priority: None
Status: closed
Summary: Improve cert controller detection and correction of invalid certs
Last Updated: 2021-04-27 15:58:19 UTC

Description Maru Newby 2021-04-27 15:58:19 UTC
A change in the set of internal ip addresses for a node causes the operator to go degraded. The operator is unable to detect node changes, so any discrepancy between node internal addresses and the SANs of certificates for that node is presumed to represent a potential membership change requiring manual intervention.

Comment 1 Maru Newby 2021-04-27 16:02:42 UTC
This bz is a hoop-jumping exercise to get a change that merged to 4.8 (see linked PR) eligible to be backported to 4.7. Changes to node ips (either due to membership changes or the addition of node internal ip addresses) previous to this change would result in the operator going degraded, but after the change certs will automatically be regenerated to be correct. Please prioritize testing this change to unblock the backport.
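
The discrepancy described above, between a node's internal addresses and the IP SANs of its certificate, as an added example that is not part of the bug report and not the cluster-etcd-operator's own code. The helper names `missingIPSANs` and `selfSigned` and the addresses are constructed for illustration; a non-empty result is the condition that, per Comment 1, now leads to regeneration rather than a degraded operator.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// missingIPSANs (hypothetical helper) lists node internal IPs absent from the cert's IP SANs.
func missingIPSANs(cert *x509.Certificate, nodeIPs []net.IP) []string {
	have := map[string]bool{}
	for _, ip := range cert.IPAddresses {
		have[ip.String()] = true // String() normalizes 4-byte and 16-byte IPv4 forms
	}
	var missing []string
	for _, ip := range nodeIPs {
		if !have[ip.String()] {
			missing = append(missing, ip.String())
		}
	}
	return missing
}

// selfSigned builds a throwaway cert with the given IP SANs (constructed sample input).
func selfSigned(ips []net.IP) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IPAddresses: ips,
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSigned([]net.IP{net.ParseIP("10.0.0.5")}) // cert issued at install
	if err != nil {
		panic(err)
	}
	node := []net.IP{net.ParseIP("10.0.0.5"), net.ParseIP("192.168.1.5")} // second ip added later
	fmt.Println("regenerate cert, SANs lack:", missingIPSANs(cert, node))
}
```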

Comment 3 Maru Newby 2021-05-06 16:13:07 UTC
Re-opening. The original fix didn't reflect the possibility of node ips changing on upgrade.

Comment 4 Maru Newby 2021-05-06 17:51:47 UTC
And, no further change required since an ip address change for the same node requires an out-of-band cluster membership change.

Comment 5 Red Hat Bugzilla 2023-09-15 01:05:46 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days
