Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-27399

duplicate pending CSR info shown on Nodes list page

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 4.16.0
    • 4.16
    • Management Console
    • None
    • Moderate
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, a certificate signing request (CSR) might appear for a recently approved Node. With this update, the duplication is detected and does not show CSRs for approved Nodes. (link:https://issues.redhat.com/browse/OCPBUGS-27399[*OCPBUGS-27399*])
      Show
      * Previously, a certificate signing request (CSR) might appear for a recently approved Node. With this update, the duplication is detected and does not show CSRs for approved Nodes. (link: https://issues.redhat.com/browse/OCPBUGS-27399 [* OCPBUGS-27399 *])
    • Bug Fix
    • Done

      Description of problem:

      when there is only one server CSR pending on approval, we still show two records(one is client CSR requires approval which is already several hours old and the other is server CSR requires approval)

      Version-Release number of selected component (if applicable):

      pre-merge testing of https://github.com/openshift/console/pull/13493   

      How reproducible:

      Always

      Steps to Reproduce:

      1. select one node which is joining the cluster, approve client CSR and do not approve server CSR, wait for some time

=> we can see only one node is pending on server CSR approval
$ oc get csr | grep Pending | grep system:node
csr-54sn4   142m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-7nhb9   65m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-9g22f   4m4s   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-bgrdq   35m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-chqnf   50m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-f4sbl   127m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-msnml   157m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-p9qrp   19m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-qp2pw   112m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-qrlnv   96m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
csr-tk7j4   81m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending

      Actual results:

      1. on nodes list page, we can see two rows shown for node ip-10-0-49-55.us-east-2.compute.internal

      Expected results:

      since the pending client CSR has been there for several hours and the node now is actually waiting for server CSR approval, we should only show one record/row to indicate user that it requires server CSR approval

The pending client CSR associated with ip-10-0-49-55.us-east-2.compute.internal is already 3 hours old
$ oc get csr csr-4d628
NAME        AGE   SIGNERNAME                                    REQUESTOR                                                                   REQUESTEDDURATION   CONDITION
csr-4d628   3h    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   <none>              Pending

      Additional info:

              rawagner@redhat.com Rastislav Wagner
              rhn-support-yapei YaDan Pei
              YaDan Pei YaDan Pei
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: