Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-45943

x509: cannot validate certificate for 21.101.0.1 because it doesn't contain any IP SANs

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • 4.19
    • kube-apiserver
    • None
    • Moderate
    • None
    • False
    • Hide

      None

      Show
      None

      Description of problem:

          1 Client can not connect to the kube-apiserver via kubernetes svc, as the kubernetes svc is not in the cert SANs
          2 The kube-apiserver-operator generate apiserver certs, and insert the kubernetes svc ip from the network cr status.ServiceNetwork
          3 When the temporary control plane is down, and the network cr is not ready yet, Client will not connect to apiserver again

      Version-Release number of selected component (if applicable):

          

      How reproducible:

          

      Steps to Reproduce:

          1. I have just met this for very rare conditions, especially when the machine performance is poor     
          2.
          3.
          

      Actual results:

          

      Expected results:

          

      Additional info:

          

              vrutkovs@redhat.com Vadim Rutkovsky
              lan.tian 天 兰
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: