Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-14793

Cannot switch hub due to many CSRs created

XMLWordPrintable

    • 2
    • False
    • None
    • False
    • SF Train-20
    • Important
    • None

      Description of problem:

      the managed cluster cannot be ready when switch from hub1 to hub2. the managed cluster is in pending importing status.

       

      If check the CSR in new hub, there are many CSRs

      ```

      demo-managed-a1-4ld9q                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-5vfvr                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-86qqr                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-n7kb9                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-pfbxc                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-px2b5                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-r6g4l                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-rhrfh                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-tfhvf                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued
      demo-managed-a1-xmlcj                              107s   kubernetes.io/kube-apiserver-client             system:serviceaccount:open-cluster-management-global-hub-agent-addon:migration-sample   <none>              Approved,Issued

      ```

      in managedcluster, we can see

      ```

        - lastTransitionTime: "2024-10-10T06:14:42Z"
          message: Stop creating csr since there are too many csr created already on hub
          reason: ClientCertificateUpdateFailed
          status: "False"
          type: ClusterCertificateRotated

      ```

      Delete all CSRs can make it works.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Found this issue in several times.

      Steps to Reproduce:

      1.  
      2.  
      3. ...

      Actual results:

      Expected results:

      Additional info:

              zxue@redhat.com ZHAO XUE
              clyang82 Chunlin Yang
              Hui Chen Hui Chen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: