Description of problem: After the completion of bootstrap node installation and deploying IPFailover container to master nodes, etcd cluster operator shows the following message. $ oc desctibe co etcd [...] Status: Conditions: Message: EtcdCertSignerControllerDegraded: [x509: certificate is valid for XX.XX.XX.XX, YY.YY.YY.YY, ZZ.ZZ.ZZ.ZZ, not AA.AA.AA.AA, x509: certificate is valid for xx.xx.xx.xx, yy.yy.yy.yy, zz.zz.zz.zz, not BB.BB.BB.BB] Reason: EtcdCertSignerController_Error Each master node has 3 NICs, and 2 IPFailover are deployed. XX.XX.XX.XX, YY.YY.YY.YY, ZZ.ZZ.ZZ.ZZ: IP addresses assigned to Master02 node AA.AA.AA.AA: VIP address for IPFailover 1 xx.xx.xx.xx, yy.yy.yy.yy, zz.zz.zz.zz: IP addresses assigned to Master03 node BB.BB.BB.BB: VIP address for IPFailover 2 The messages are shown only on Master02 and Master03 nodes, where VIP is assigned. Version-Release number of selected component (if applicable): Red Hat OpenShift Container Platform 4.9 How reproducible: 100% Steps to Reproduce: Confirmed only in the customer environment so far Actual results: etcd operator shows EtcdCertSignerControllerDegraded message. Expected results: etcd operator does not show any error message. Additional info: Similar issue is reported on Bug 1954121, but fixed in OCP 4.7.
Hey Yuki, I'll dupe this with 2046335, which is probably the exact same issue. Let me know if you need anything. *** This bug has been marked as a duplicate of bug 2046335 ***