OpenShift Bugs / OCPBUGS-16156

kubelet-serving CSRs in Pending state on SNO with Telco DU profile after running tests for a couple of hours


Details

    • Critical
    • No
    • 2
    • OCP VE Sprint 240
    • 1
    • Approved
    • False
    • This would be a regression for anyone installing a new composable OpenShift cluster when compared with earlier releases. If their capability set does not include Machine API, then CSR approval is broken and their cluster will degrade once the first set of certificates expires (e.g. they lose access to `oc logs`).
      We must fix this before 4.14 is cut or revert the Machine API capability changes.
    • 8/8: being seen again on recent nightlies
      8/1: automation blocker - no longer blocking, but keeping this on til we close the epic (CNF-6318)

    Description

      Description of problem:

      After running tests on an SNO with Telco DU profile for a couple of hours, kubernetes.io/kubelet-serving CSRs in Pending state start showing up and accumulate over time.

      Version-Release number of selected component (if applicable):

      4.14.0-ec.3

      How reproducible:

      So far on 2 different environments

      Steps to Reproduce:

      1. Deploy SNO with Telco DU profile
      2. Run system tests
      3. Check CSRs status
      

      Actual results:

      oc get csr | grep Pending | wc -l
      34
      

      Expected results:

      No Pending CSRs

      Additional info:

      This issue blocks retrieving pod logs.
      
      Attaching must-gather and sosreport after manually approving CSRs.
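
The report mentions approving the pending CSRs manually. As an added example (not part of the original report and not code from any OpenShift component), this Python script triages `oc get csr -o json` output before approval by checking the requester identity, group and usages of each pending kubernetes.io/kubelet-serving CSR. The sample data, the node name and the function names are constructed for illustration.

```python
import json
SIGNER = "kubernetes.io/kubelet-serving"
# Key usages Kubernetes permits for the kubelet-serving signer.
ALLOWED_USAGES = {"digital signature", "key encipherment", "server auth"}

# Constructed sample shaped like `oc get csr -o json`; all names are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "csr-aaaaa"},
     "spec": {"signerName": SIGNER, "username": "system:node:sno-node-0",
              "groups": ["system:nodes", "system:authenticated"],
              "usages": ["digital signature", "server auth"]}, "status": {}},
    {"metadata": {"name": "csr-bbbbb"},
     "spec": {"signerName": SIGNER, "username": "system:serviceaccount:demo:builder",
              "groups": ["system:authenticated"],
              "usages": ["digital signature", "client auth"]}, "status": {}},
    {"metadata": {"name": "csr-ccccc"},
     "spec": {"signerName": SIGNER, "username": "system:node:sno-node-0",
              "groups": ["system:nodes"], "usages": ["digital signature", "server auth"]},
     "status": {"conditions": [{"type": "Approved", "status": "True"}]}},
]})

def is_pending(csr):
    """Pending means no Approved/Denied/Failed condition has been recorded."""
    conds = csr.get("status", {}).get("conditions") or []
    return not any(c.get("type") in ("Approved", "Denied", "Failed") for c in conds)

def problems(csr, expected_nodes):
    """Return reasons this CSR should not be approved without a closer look."""
    spec, out = csr["spec"], []
    user = spec.get("username", "")
    if not user.startswith("system:node:"):
        out.append("requester is not a node identity: " + user)
    elif user[len("system:node:"):] not in expected_nodes:
        out.append("requester is not an expected node: " + user)
    if "system:nodes" not in spec.get("groups", []):
        out.append("requester not in group system:nodes")
    usages = set(spec.get("usages", []))
    if "server auth" not in usages or not usages <= ALLOWED_USAGES:
        out.append("unexpected usages: " + ", ".join(sorted(usages)))
    return out

def triage(csr_list_json, expected_nodes):
    """Map each pending kubelet-serving CSR name to its list of problems."""
    items = json.loads(csr_list_json)["items"]
    return {c["metadata"]["name"]: problems(c, expected_nodes) for c in items
            if c["spec"].get("signerName") == SIGNER and is_pending(c)}

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE, {"sno-node-0"}), indent=2))
```

The subject and SANs carried inside `spec.request` are not parsed here and still need to be compared with the node's real hostname and addresses before a CSR is approved.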

          People

            bzamalut@redhat.com Bulat Zamalutdinov
            mcornea@redhat.com Marius Cornea
            Marius Cornea Marius Cornea