Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-30304

cert-syncer is forcibly changing secret type without retaining content

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-30119. The following is the description of the original issue:

      Description of problem:

      `ensureSigningCertKeyPair` and `ensureTargetCertKeyPair` are always updating secret type. if the secret requires metadata update, its previous content will not be retained  

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:

          1. Install 4.6 cluster (or make sure installer-generated secrets have `type: SecretTypeTLS` instead of `type: kubernetes.io/tls`
    2. Run secret sync
    3. Check secret contents

      Actual results:

          Secret was regenerated with new content

      Expected results:

      Existing content should be preserved, content is not modified

      Additional info:

          This causes api-int CA update for clusters born in 4.6 or earlier.

            vrutkovs@redhat.com Vadim Rutkovsky
            openshift-crt-jira-prow OpenShift Prow Bot
            Rahul Gangwar Rahul Gangwar
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: