-
Bug
-
Resolution: Done-Errata
-
None
-
False
-
-
False
-
CLOSED
-
---
-
---
Description of problem:
When setting tlsSecurityProfile in APIServer, it should take up to 60 seconds (the HCO period time) to be updated in cluster-network-addons-operator, but it takes much more (more than 10 minutes)
Version-Release number of selected component (if applicable):
OCP 4.12.0-ec.1
CNV 4.12.0
hyperconverged-cluster-operator: v4.12.0-65
How reproducible:
100%
Steps to Reproduce:
1.
Verify no tlsSecurityProfile is set in HCO:
$ oc get hco -n openshift-cnv kubevirt-hyperconverged -ojsonpath=
$
2.
Apply a change in APIserver, to set a new tlsEcurityProfile:
a. $ oc edit apiserver cluster
b. Add (to .spec):
spec:
...
tlsSecurityProfile:
old: {}
type: Old
c. Exit the resource edit
3.
Check tlsEcurityProdile in NetworkAddonsConfig after 60 seconds (operator cycle time):
$ oc get NetworkAddonsConfig cluster -ojsonpath={.spec.tlsSecurityProfile}
;echo
Actual results:
Still not updated
{"intermediate":{},"type":"Intermediate"}
Expected results:
Same setting as in the APIServer:
{"old":{},"type":"Old"}
Additional info:
Not sure it is related, but the log that appears in hco-operator immediately when applying the change in APIServer includes a message saying "No HyperConverged resource":
2022-09-19T12:22:24.916912997Z
{"level":"info","ts":1663590144.916714,"logger":"controller_hyperconverged","msg":"Reconciling for openshiftconfigv1.APIServer"}2022-09-19T12:22:24.916912997Z
{"level":"info","ts":1663590144.9168296,"logger":"controller_hyperconverged","msg":"Reconciling for openshiftconfigv1.APIServer"}2022-09-19T12:22:24.916998663Z
{"level":"info","ts":1663590144.9169204,"logger":"controller_hyperconverged","msg":"Triggered by ApiServer CR, refreshing it","Request.Namespace":"openshift-cnv","Request.Name":"api-server-cr-5bdfa811-d680-43c0-9feb-d308c63eaa11"}2022-09-19T12:22:24.917475913Z
{"level":"info","ts":1663590144.9171374,"logger":"controller_hyperconverged","msg":"No HyperConverged resource","Request.Namespace":"openshift-cnv","Request.Name":"api-server-cr-5bdfa811-d680-43c0-9feb-d308c63eaa11"}- external trackers