Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-27399

duplicate pending CSR info shown on Nodes list page

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Undefined Undefined
    • 4.16.0
    • 4.16
    • Management Console
    • None
    • Moderate
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, a certificate signing request (CSR) might appear for a recently approved Node. With this update, the duplication is detected and does not show CSRs for approved Nodes. (link:https://issues.redhat.com/browse/OCPBUGS-27399[*OCPBUGS-27399*])
      Show
      * Previously, a certificate signing request (CSR) might appear for a recently approved Node. With this update, the duplication is detected and does not show CSRs for approved Nodes. (link: https://issues.redhat.com/browse/OCPBUGS-27399 [* OCPBUGS-27399 *])
    • Bug Fix
    • Done

      Description of problem:

      when there is only one server CSR pending on approval, we still show two records(one is client CSR requires approval which is already several hours old and the other is server CSR requires approval)    

      Version-Release number of selected component (if applicable):

      pre-merge testing of https://github.com/openshift/console/pull/13493     

      How reproducible:

      Always    

      Steps to Reproduce:

      1. select one node which is joining the cluster, approve client CSR and do not approve server CSR, wait for some time
      
      => we can see only one node is pending on server CSR approval
      $ oc get csr | grep Pending | grep system:node
      csr-54sn4   142m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-7nhb9   65m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-9g22f   4m4s   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-bgrdq   35m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-chqnf   50m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-f4sbl   127m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-msnml   157m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-p9qrp   19m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-qp2pw   112m   kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-qrlnv   96m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending
      csr-tk7j4   81m    kubernetes.io/kubelet-serving                 system:node:ip-10-0-49-55.us-east-2.compute.internal                        <none>              Pending

      Actual results:

      1. on nodes list page, we can see two rows shown for node ip-10-0-49-55.us-east-2.compute.internal

      Expected results:

      since the pending client CSR has been there for several hours and the node now is actually waiting for server CSR approval, we should only show one record/row to indicate user that it requires server CSR approval
      
      The pending client CSR associated with ip-10-0-49-55.us-east-2.compute.internal is already 3 hours old
      $ oc get csr csr-4d628
      NAME        AGE   SIGNERNAME                                    REQUESTOR                                                                   REQUESTEDDURATION   CONDITION
      csr-4d628   3h    kubernetes.io/kube-apiserver-client-kubelet   system:serviceaccount:openshift-machine-config-operator:node-bootstrapper   <none>              Pending
      

      Additional info:

          

            rawagner@redhat.com Rastislav Wagner
            rhn-support-yapei YaDan Pei
            YaDan Pei YaDan Pei
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: