Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-10223

kubeconfig CA includes all signers

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 4.13.0, 4.14.0
    • 4.13
    • MicroShift
    • None
    • No
    • uShift Sprint 233
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • The certificate authorities used to generate kubeconfig files for MicroShift's embedded components are reconfigured to ensure the kubeconfigs are independent.
    • Bug Fix

    Description

      Description of problem:

      All kubeconfigs are using a CA bundle including all 3 different signers: service network, localhost and external. This makes kubeconfigs interchangeable and capable of validating for other networks than the ones they are intended to be used.
Each kubeconfig shall use the signer for the network it belongs to.

      Version-Release number of selected component (if applicable):

      4.13

      How reproducible:

      Install MicroShift, then check the CAs for all generated kubeconfigs under /var/lib/microshift/resources/kubeadmin

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

      Same CA in all kubeconfigs

      Expected results:

      Specific network CA for each kubeconfig

      Additional info:

       

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-8301 kubeconfig CA includes all signers

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is blocked by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-8301 kubeconfig CA includes all signers

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          links to

          GitHub openshift/microshift#1500: [release-4.13] OCPBUGS-10223: Use correct CAs in kubeconfig files

          Activity

            People

              pacevedo@redhat.com Pablo Acevedo Montserrat
              pacevedo@redhat.com Pablo Acevedo Montserrat
              John George John George
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: