Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-50643

Upon generating the seed image the certificates turn expired

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 4.19
    • LCA operator
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Hub cluster: OCP 4.19.0-ec.1 with multicluster-engine.v2.8.0-201

      Deploy spoke SNO cluster:

      NAME="Red Hat Enterprise Linux CoreOS"
      ID="rhcos"
      ID_LIKE="rhel fedora"
      VERSION="419.96.202501201426-0"
      VERSION_ID="4.19"
      VARIANT="CoreOS"
      VARIANT_ID=coreos
      PLATFORM_ID="platform:el9"
      PRETTY_NAME="Red Hat Enterprise Linux CoreOS 419.96.202501201426-0"
      ANSI_COLOR="0;31"
      CPE_NAME="cpe:/o:redhat:enterprise_linux:9::baseos::coreos"
      HOME_URL="https://www.redhat.com/"
      DOCUMENTATION_URL="https://docs.okd.io/latest/welcome/index.html"
      BUG_REPORT_URL="https://access.redhat.com/labs/rhir/"
      REDHAT_BUGZILLA_PRODUCT="OpenShift Container Platform"
      REDHAT_BUGZILLA_PRODUCT_VERSION="4.19"
      REDHAT_SUPPORT_PRODUCT="OpenShift Container Platform"
      REDHAT_SUPPORT_PRODUCT_VERSION="4.19"
      OPENSHIFT_VERSION="4.19"
      RHEL_VERSION=9.6
      OSTREE_VERSION="419.96.202501201426-0"
       

      On the spoke deployed LCA from this iindex image: registry-proxy.engineering.redhat.com/rh-osbs/iib:911757

       

      After starting the process of generating the seed image from that spoke - seems like certificates got expires and the API become non-reachable.

       

      openshift-apiserver crictl pod shows repeating:

      E0212 16:33:06.498067       1 authentication.go:73] "Unable to authenticate the request" err="[x509: certificate has expired or is not yet valid: current time 2025-02-12T16:33:06Z is after 2025-02-12T13:35:50Z, verifying certificate SN=6925837124145180464, SKID=, AKID=58:15:97:6B:4B:46:31:FC:76:43:0B:07:B7:14:53:70:E8:52:F4:9D failed: x509: certificate has expired or is not yet valid: current time 2025-02-12T16:33:06Z is after 2025-02-12T13:35:50Z]"

       

              jche@redhat.com Jun Chen
              achuzhoy@redhat.com Alexander Chuzhoy
              None
              None
              Alexander Chuzhoy Alexander Chuzhoy
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: