-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.19
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Hub cluster: OCP 4.19.0-ec.1 with multicluster-engine.v2.8.0-201
Deploy spoke SNO cluster:
NAME="Red Hat Enterprise Linux CoreOS" ID="rhcos" ID_LIKE="rhel fedora" VERSION="419.96.202501201426-0" VERSION_ID="4.19" VARIANT="CoreOS" VARIANT_ID=coreos PLATFORM_ID="platform:el9" PRETTY_NAME="Red Hat Enterprise Linux CoreOS 419.96.202501201426-0" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos::coreos" HOME_URL="https://www.redhat.com/" DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html" BUG_REPORT_URL="https://access.redhat.com/labs/rhir/" REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform" REDHAT_BUGZILLA_PRODUCT_VERSION="4.19" REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform" REDHAT_SUPPORT_PRODUCT_VERSION="4.19" OPENSHIFT_VERSION="4.19" RHEL_VERSION=9.6 OSTREE_VERSION="419.96.202501201426-0"
On the spoke deployed LCA from this iindex image: registry-proxy.engineering.redhat.com/rh-osbs/iib:911757
After starting the process of generating the seed image from that spoke - seems like certificates got expires and the API become non-reachable.
openshift-apiserver crictl pod shows repeating:
E0212 16:33:06.498067 1 authentication.go:73] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2025-02-12T16:33:06Z is after 2025-02-12T13:35:50Z, verifying certificate SN=6925837124145180464, SKID=, AKID=58:15:97:6B:4B:46:31:FC:76:43:0B:07:B7:14:53:70:E8:52:F4:9D failed: x509: certificate has expired or is not yet valid: current time 2025-02-12T16:33:06Z is after 2025-02-12T13:35:50Z]"
- is related to
-
OCPBUGS-49972 Kubelet unhealthy within 24hrs on spoke cluster with LCA installed
-
- Closed
-