[OCPBUGS-42431] Hypershift is managing kubeconfigs for DNS and Ingress operators

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.16.z
Affects Version/s: 4.15
Component/s: HyperShift
Labels:
- groomed

Severity:
Moderate
Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, the Ingress and DNS operators failed to start correctly because of rotating root certificates. With this release, the Ingress and DNS operator Kubeconfigs are conditionally managed by using the annotation that defines when the PKI requires management and the issue is resolved.. (link:https://issues.redhat.com/browse/OCPBUGS-42431[*~~OCPBUGS-42431~~*])

Show
* Previously, the Ingress and DNS operators failed to start correctly because of rotating root certificates. With this release, the Ingress and DNS operator Kubeconfigs are conditionally managed by using the annotation that defines when the PKI requires management and the issue is resolved.. (link: https://issues.redhat.com/browse/OCPBUGS-42431 [* OCPBUGS-42431 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.16.z
Target Backport Versions:

4.15.z, 4.17.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue ~~OCPBUGS-41824~~. The following is the description of the original issue:
—
Description of problem:

    The kubeconfigs for the DNS Operator and the Ingress Operator are managed by Hypershift and they should only be managed by the cloud service provider. This can lead to the kubeconfig/certificate being invalid in the cases where the cloud service provider further manages the kubeconfig (for example ca-rotation).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-42992 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

clones

OCPBUGS-41824 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

is blocked by

OCPBUGS-42261 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

is cloned by

OCPBUGS-42992 Hypershift is managing kubeconfigs for DNS and Ingress operators

Closed

links to

openshift/hypershift#4798: [release-4.16] OCPBUGS-42431: Conditionally manage kubeconfig secrets for DNS and Ingress operators

RHBA-2024:7944 OpenShift Container Platform 4.16.z bug fix update

(1 links to)

Errata Tool added a comment - 2024/10/16 4:51 PM

Since the problem described in this issue should be resolved in a recent advisory, it has been closed.

For information on the advisory (Moderate: OpenShift Container Platform 4.16.17 security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2024:7944

Errata Tool added a comment - 2024/10/16 4:51 PM Since the problem described in this issue should be resolved in a recent advisory, it has been closed. For information on the advisory (Moderate: OpenShift Container Platform 4.16.17 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2024:7944

Assignee:: Ryan Cradick

Reporter:: OpenShift Prow Bot

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/09/25 1:31 PM

Updated:: 2024/10/25 1:40 PM

Resolved:: 2024/10/16 4:51 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

Collapse comment: Errata Tool added a comment - 2024/10/16 4:51 PM

Expand comment: Errata Tool added a comment - 2024/10/16 4:51 PM

People

Dates