  1. OpenShift Bugs
  2. OCPBUGS-30119

cert-syncer is forcibly changing secret type without retaining content


Details

    • Bug
    • Resolution: Unresolved
    • Undefined
    • 4.16.0
    • 4.15, 4.16.0
    • kube-apiserver
    • None
    • No
    • False

    Description

      Description of problem:

      `ensureSigningCertKeyPair` and `ensureTargetCertKeyPair` are always updating secret type. If the secret requires metadata update, its previous content will not be retained.

      Version-Release number of selected component (if applicable):

          

      How reproducible:

          

      Steps to Reproduce:

          1. Install a 4.6 cluster (or make sure installer-generated secrets have `type: SecretTypeTLS` instead of `type: kubernetes.io/tls`)
          2. Run secret sync
          3. Check secret contents
          

      Actual results:

          Secret was regenerated with new content

      Expected results:

      Existing content should be preserved; content is not modified

      Additional info:

          This causes api-int CA update for clusters born in 4.6 or earlier.
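
A simplified model of the expected behaviour and of the content check in step 3, added here as an example and not taken from cert-syncer or from the reporter. The `Secret` struct, `migrateType`, `regenerated`, the secret names, the annotation key and the data bytes are all hypothetical or constructed; only the two type strings come from the report.

```go
package main

import (
	"bytes"
	"fmt"
	"sort"
)

// Secret is a simplified stand-in for a Kubernetes Secret (hypothetical, not corev1.Secret).
type Secret struct {
	Type        string
	Annotations map[string]string
	Data        map[string][]byte
}

// migrateType sets the corrected type and new metadata while carrying Data over unchanged.
func migrateType(old Secret, meta map[string]string) Secret {
	out := Secret{Type: "kubernetes.io/tls", Annotations: meta, Data: map[string][]byte{}}
	for k, v := range old.Data {
		out.Data[k] = append([]byte(nil), v...)
	}
	return out
}

// regenerated lists secrets whose type changed between snapshots and whose key material changed too.
func regenerated(before, after map[string]Secret) []string {
	var names []string
	for name, b := range before {
		a, ok := after[name]
		if !ok || a.Type == b.Type {
			continue
		}
		if !bytes.Equal(a.Data["tls.crt"], b.Data["tls.crt"]) || !bytes.Equal(a.Data["tls.key"], b.Data["tls.key"]) {
			names = append(names, name)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed snapshots: placeholder names and bytes, not real cluster data.
	legacy := Secret{Type: "SecretTypeTLS", Data: map[string][]byte{"tls.crt": []byte("CERT-A"), "tls.key": []byte("KEY-A")}}
	before := map[string]Secret{"signer-a": legacy, "signer-b": legacy}
	after := map[string]Secret{"signer-a": migrateType(legacy, map[string]string{"example.invalid/owner": "x"})}
	after["signer-b"] = Secret{Type: "kubernetes.io/tls", Data: map[string][]byte{"tls.crt": []byte("CERT-NEW"), "tls.key": []byte("KEY-NEW")}}
	fmt.Println(regenerated(before, after)) // signer-b changed type and content; signer-a only changed type
}
```

Comparing snapshots taken before and after the sync in this way separates a harmless type correction from the regeneration described under "Actual results".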

            People

              vrutkovs@redhat.com Vadim Rutkovsky
              vrutkovs@redhat.com Vadim Rutkovsky
              Rahul Gangwar Rahul Gangwar