OCPBUGS-42181

HO from main fails to create private cluster with KAS type LB on 4.15 and earlier


    • Bug
    • Resolution: Duplicate
    • 4.14.z, 4.15.z
    • HyperShift
    • Important

      Manifests as a failure for nodes to join when running a 4.15 (or earlier) HC with a HO from main.

      The e2e results in an HC that looks like this:

      spec:
        platform:
          aws:
            endpointAccess: Private
          type: AWS
        release:
          image: quay.io/openshift-release-dev/ocp-release:4.15.33-x86_64
        services:
        - service: APIServer
          servicePublishingStrategy:
            type: LoadBalancer
        - service: Ignition
          servicePublishingStrategy:
            type: Route
        - service: Konnectivity
          servicePublishingStrategy:
            type: Route
        - service: OAuthServer
          servicePublishingStrategy:
            type: Route
      status:
        controlPlaneEndpoint:
          host: a65dd2c977c334e08aba9792f048078a-10c7c0da72b9f055.elb.us-east-1.amazonaws.com
          port: 6443
      

      If I ssh into the node that is not joining:

      Sep 19 02:52:11 ip-10-0-132-63 kubenswrapper[2215]: I0919 02:52:11.405665    2215 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://api.example-mqd4z.hypershift.local:443/apis/storage.k8s.io/v1/csinodes/ip-10-0-132-63.ec2.internal": dial tcp 10.0.133.160:443: i/o timeout
      
      $ curl --insecure https://api.example-mqd4z.hypershift.local:443
      <hangs forever>
      
      $ curl --insecure https://api.example-mqd4z.hypershift.local:6443
      {
        "kind": "Status",
        "apiVersion": "v1",
        "metadata": {},
        "status": "Failure",
        "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
        "reason": "Forbidden",
        "details": {},
        "code": 403
      }
      

      The kubelet is using the wrong port, 443 instead of 6443, when attempting to connect to the KAS across PrivateLink.
       

              agarcial@redhat.com Alberto Garcia Lamela
              sjenning Seth Jennings
              Jie Zhao Jie Zhao
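A check for the symptom described in this report, as an added example that is not part of the original issue or of HyperShift's code: it pulls the API endpoint the kubelet dials out of journal lines and compares its port with the HostedCluster's status.controlPlaneEndpoint.port. The HostedCluster fields are re-typed from the report as a Python dict, the second journal line is constructed, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Values below are taken from the report; only the fields the check needs are kept.
API_HOST = "api.example-mqd4z.hypershift.local"
HOSTED_CLUSTER = {
    "spec": {
        "platform": {"type": "AWS", "aws": {"endpointAccess": "Private"}},
        "services": [
            {"service": "APIServer", "servicePublishingStrategy": {"type": "LoadBalancer"}},
        ]},
    "status": {"controlPlaneEndpoint": {"port": 6443}},
}

# First line is the kubelet message from the report; the second is constructed.
JOURNAL = [
    'Sep 19 02:52:11 ip-10-0-132-63 kubenswrapper[2215]: I0919 02:52:11.405665    2215 csi_plugin.go:913] Failed to contact API server when waiting for CSINode publishing: Get "https://api.example-mqd4z.hypershift.local:443/apis/storage.k8s.io/v1/csinodes/ip-10-0-132-63.ec2.internal": dial tcp 10.0.133.160:443: i/o timeout',
    'Sep 19 02:52:12 ip-10-0-132-63 kubenswrapper[2215]: I0919 02:52:12.000000    2215 kubelet.go:100] constructed line without a request URL',
]

# Go's net/http errors quote the request as: Get "https://host:port/path"
REQUEST_URL = re.compile(r'(?:Get|Post|Put|Patch|Delete) "(https://[^"]+)"')

def affected_config(hc):
    """True for the reported shape: AWS Private access with KAS published via LoadBalancer."""
    private = hc["spec"]["platform"].get("aws", {}).get("endpointAccess") == "Private"
    kas_lb = any(s["service"] == "APIServer" and s["servicePublishingStrategy"]["type"] == "LoadBalancer"
                 for s in hc["spec"]["services"])
    return private and kas_lb

def dialed_endpoints(lines):
    """Return the set of (host, port) pairs found in HTTPS request URLs in the logs."""
    found = set()
    for line in lines:
        for url in REQUEST_URL.findall(line):
            parts = urlsplit(url)
            found.add((parts.hostname, parts.port or 443))  # https default is 443
    return found

def port_mismatches(hc, lines, api_host):
    """List (host, dialed_port, expected_port) where the kubelet dials api_host on the wrong port."""
    expected = hc["status"]["controlPlaneEndpoint"]["port"]
    return sorted((h, p, expected) for h, p in dialed_endpoints(lines)
                  if h == api_host and p != expected)

if __name__ == "__main__":
    print("Private + LoadBalancer KAS:", affected_config(HOSTED_CLUSTER))
    for host, dialed, expected in port_mismatches(HOSTED_CLUSTER, JOURNAL, API_HOST):
        print(f"{host}: kubelet dials {dialed}, controlPlaneEndpoint.port is {expected}")
```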