Description of problem:
containers of kube-apiserver are based on different RHEL releases, some are based on RHEL9.2, some are RHEL 8.6
Version-Release number of selected component (if applicable):
$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.16.0-0.nightly-2024-02-02-002725 True False 4h45m Cluster version is 4.16.0-0.nightly-2024-02-02-002725
How reproducible:
Always
Steps to Reproduce:
$ hostedcluster=$( oc get -n clusters hostedclusters -o json | jq -r .items[].metadata.name) $ kas_pod=$(oc get po -n clusters-${hostedcluster} -l app=kube-apiserver --no-headers | awk '{print $1}' | head -1) $ kcs=$(oc get pod $kas_pod -n clusters-${hostedcluster} -o jsonpath='{.spec.containers[*].name}') $ for c in `echo $kcs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster} $kas_pod -c $c -- cat /etc/redhat-release;done --> apply-bootstrap Red Hat Enterprise Linux release 8.6 (Ootpa) --> kube-apiserver Red Hat Enterprise Linux release 9.2 (Plow) --> konnectivity-server Red Hat Enterprise Linux release 9.2 (Plow) --> audit-logs Red Hat Enterprise Linux release 8.6 (Ootpa) --> aws-pod-identity-webhook Red Hat Enterprise Linux release 9.2 (Plow)
Actual results:
containers of kube-apiserver are based different RHEL 9.2 and 8.6
Expected results:
containers of kube-apiserver are based RHEL 9.2
Additional info:
Not see this problem on openshift-apiserver and openshift-oauth-apiserver, see below: $ oas_pod=$(oc get po -n clusters-${hostedcluster} -l app=openshift-apiserver --no-headers | awk '{print $1}' | head -1) $ oas_cs=$(oc get pod $oas_pod -n clusters-${hostedcluster} -o jsonpath='{.spec.containers[*].name}') $ for c in `echo $oas_cs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster} $oas_pod -c $c -- cat /etc/redhat-release;done --> openshift-apiserver Red Hat Enterprise Linux release 9.2 (Plow) --> audit-logs Red Hat Enterprise Linux release 9.2 (Plow) --> socks5-proxy Red Hat Enterprise Linux release 9.2 (Plow) $ oauth_pod=$(oc get po -n clusters-${hostedcluster} -l app=oauth-openshift --no-headers | awk '{print $1}' | head -1) $ oauth_cs=$(oc get pod $oauth_pod -n clusters-${hostedcluster} -o jsonpath='{.spec.containers[*].name}') $ for c in `echo $oauth_cs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster} $oauth_pod -c $c -- cat /etc/redhat-release;done --> oauth-server Red Hat Enterprise Linux release 9.2 (Plow) --> socks-proxy Red Hat Enterprise Linux release 9.2 (Plow) ----------------- This problem is not seen on OCP 4.16, see below, $ kas_pod=$(oc get po -n openshift-kube-apiserver -l apiserver --no-headers | awk '{print $1}' | head -1) $ kcs=$(oc get pod $kas_pod -n openshift-kube-apiserver -o jsonpath='{.spec.containers[*].name}') $ for c in `echo $kcs`;do echo "--> $c"; oc exec -n openshift-kube-apiserver $kas_pod -c $c -- cat /etc/redhat-release;done --> kube-apiserver Red Hat Enterprise Linux release 9.2 (Plow) --> kube-apiserver-cert-syncer Red Hat Enterprise Linux release 9.2 (Plow) --> kube-apiserver-cert-regeneration-controller Red Hat Enterprise Linux release 9.2 (Plow) --> kube-apiserver-insecure-readyz Red Hat Enterprise Linux release 9.2 (Plow) --> kube-apiserver-check-endpoints Red Hat Enterprise Linux release 9.2 (Plow)