Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.15
Component/s: HyperShift
Labels:
- triaged

Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, during root certification rotation, the Ingress Operator and DNS Operator failed to start. With this release, an update to the kubeconfigs for the Ingress Operator and DNS Operator ensure that annotations set the conditions for managing the public key infrastructure (PKI). This update ensures that both Operators can start as expected during root certification rotation. (link:https://issues.redhat.com/browse/OCPBUGS-42261[*~~OCPBUGS-42261~~*])

Show
* Previously, during root certification rotation, the Ingress Operator and DNS Operator failed to start. With this release, an update to the kubeconfigs for the Ingress Operator and DNS Operator ensure that annotations set the conditions for managing the public key infrastructure (PKI). This update ensures that both Operators can start as expected during root certification rotation. (link: https://issues.redhat.com/browse/OCPBUGS-42261 [* OCPBUGS-42261 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.17.z
Target Backport Versions:

4.15.z, 4.17.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-41824. The following is the description of the original issue:
—
Description of problem:

    The kubeconfigs for the DNS Operator and the Ingress Operator are managed by Hypershift and they should only be managed by the cloud service provider. This can lead to the kubeconfig/certificate being invalid in the cases where the cloud service provider further manages the kubeconfig (for example ca-rotation).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-42431 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

clones

OCPBUGS-41824 Hypershift is managing kubeconfigs for DNS and Ingress operators

Verified

is blocked by

OCPBUGS-41824 Hypershift is managing kubeconfigs for DNS and Ingress operators

Verified

links to

openshift/hypershift#4764: [release-4.17] OCPBUGS-42261: Conditionally manage kubeconfig secrets for DNS and Ingress operators

RHBA-2024:7922 OpenShift Container Platform 4.17.z bug fix update

Assignee:: Ryan Cradick

Reporter:: OpenShift Prow Bot

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/09/20 2:23 PM

Updated:: 2024/10/16 2:41 AM

Resolved:: 2024/10/16 2:41 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates