Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-16156

kubelet-serving CSRs in Pending state on SNO with Telco DU profile after running tests for a couple of hours

XMLWordPrintable

    • Critical
    • No
    • 2
    • OCP VE Sprint 240
    • 1
    • Approved
    • False
    • Hide

      This would be a regression for anyone installing a new composable openshift cluster when compared with earlier releases. If their capability set does not include Machine API, then CSR approval is broken and their cluster will degrade once the first set of certificates expire (eg they lose access to `oc logs`).
      We must fix this before 4.14 is cut or revert the Machine API capability changes.

      Show
      This would be a regression for anyone installing a new composable openshift cluster when compared with earlier releases. If their capability set does not include Machine API, then CSR approval is broken and their cluster will degrade once the first set of certificates expire (eg they lose access to `oc logs`). We must fix this before 4.14 is cut or revert the Machine API capability changes.
    • Hide
      8/8: being seen again on recent nightlies
      8/1: automation blocker - no longer blocking, but keeping this on til we close the epic (CNF-6318)
      Show
      8/8: being seen again on recent nightlies 8/1: automation blocker - no longer blocking, but keeping this on til we close the epic (CNF-6318)

      Description of problem:

      After running tests on an SNO with Telco DU profile for a couple of hours kubernetes.io/kubelet-serving CSRs in Pending state start showing up and accumulating in time.

      Version-Release number of selected component (if applicable):

      4.14.0-ec.3

      How reproducible:

      So far on 2 different environments

      Steps to Reproduce:

      1. Deploy SNO with Telco DU profile
2. Run system tests
3. Check CSRs status

      Actual results:

      oc get csr | grep Pending | wc -l
34

      Expected results:

      No Pending CSRs

      Additional info:

      This issue blocks retrieving pod logs.

Attaching must-gather and sosreport after manually approving CSRs.

              bzamalut@redhat.com Bulat Zamalutdinov
              mcornea@redhat.com Marius Cornea
              Marius Cornea Marius Cornea
              Votes:
              0 Vote for this issue
              Watchers:
              15 Start watching this issue

                Created:
                Updated:
                Resolved: