Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-11227

Relax CSR check due to k8s 1.27 changes

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • 4.13, 4.14
    • None
    • No
    • CLOUD Sprint 234, CLOUD Sprint 235
    • 2
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Bug Fix
    • Done

      Kubernetes 1.27 changes validation of CSR for non-RSA kubelet client/serving CSRs, see https://github.com/kubernetes/kubernetes/issues/109077 and the PR changing https://github.com/kubernetes/kubernetes/pull/111660.

      For that reason our machine-config-approver needs to relax the validation in https://github.com/openshift/cluster-machine-approver/blob/d74f42bb37c4130ae1e91819d90ad40a51ec472b/pkg/controller/csr_check.go#L84-L86 such that it appropriately expects the necessary key usage.

            joelspeed Joel Speed
            maszulik1@redhat.com Maciej Szulik (Inactive)
            Milind Yadav Milind Yadav
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: