Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.16.z
Affects Version/s: 4.15
Component/s: HyperShift
Labels:
- groomed

Severity:
Moderate
Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, the Ingress and DNS operators failed to start correctly because of rotating root certificates. With this release, the Ingress and DNS operator Kubeconfigs are conditionally managed by using the annotation that defines when the PKI requires management and the issue is resolved.. (link:https://issues.redhat.com/browse/OCPBUGS-42431[*~~OCPBUGS-42431~~*])
-------
Cause - Rotating root certificates.
Consequence - The Ingress and DNS operators will fail to start correctly during the rotation process.
Fix - Conditionally manage the Ingress and DNS operator Kubeconfigs based on the annotation defining when to manage PKI.
Result - The Ingress and DNS operators will start correctly during the rotation process.

Show
* Previously, the Ingress and DNS operators failed to start correctly because of rotating root certificates. With this release, the Ingress and DNS operator Kubeconfigs are conditionally managed by using the annotation that defines when the PKI requires management and the issue is resolved.. (link: https://issues.redhat.com/browse/OCPBUGS-42431 [* OCPBUGS-42431 *]) ------- Cause - Rotating root certificates. Consequence - The Ingress and DNS operators will fail to start correctly during the rotation process. Fix - Conditionally manage the Ingress and DNS operator Kubeconfigs based on the annotation defining when to manage PKI. Result - The Ingress and DNS operators will start correctly during the rotation process.
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Target Version:

4.16.z
Target Backport Versions:

4.15.z, 4.17.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-41824. The following is the description of the original issue:
—
Description of problem:

    The kubeconfigs for the DNS Operator and the Ingress Operator are managed by Hypershift and they should only be managed by the cloud service provider. This can lead to the kubeconfig/certificate being invalid in the cases where the cloud service provider further manages the kubeconfig (for example ca-rotation).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-42992 Hypershift is managing kubeconfigs for DNS and Ingress operators

ON_QA

clones

OCPBUGS-41824 Hypershift is managing kubeconfigs for DNS and Ingress operators

Verified

is blocked by

OCPBUGS-42261 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

is cloned by

OCPBUGS-42992 Hypershift is managing kubeconfigs for DNS and Ingress operators

ON_QA

links to

openshift/hypershift#4798: [release-4.16] OCPBUGS-42431: Conditionally manage kubeconfig secrets for DNS and Ingress operators

RHBA-2024:7944 OpenShift Container Platform 4.16.z bug fix update

(1 links to)

Assignee:: Ryan Cradick

Reporter:: OpenShift Prow Bot

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/09/25 1:31 PM

Updated:: 2024/10/16 4:51 PM

Resolved:: 2024/10/16 4:51 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates