Details
-
Bug
-
Resolution: Obsolete
-
Undefined
-
None
-
4.12
-
Moderate
-
False
-
Description
Description of problem:
After restarting kubelet as part of 'restore to previous cluster state' procedure a CSR is created. Inspecting it reveals that IPv6 address is incorrect:
oc describe csr csr-tmrn2 Name: csr-tmrn2 Labels: <none> Annotations: <none> CreationTimestamp: Fri, 06 Jan 2023 09:45:48 -0500 Requesting User: system:node:sno-0 Signer: kubernetes.io/kubelet-serving Status: Pending Subject: Common Name: system:node:sno-0 Serial Number: Organization: system:nodes Subject Alternative Names: DNS Names: sno-0 IP Addresses: 10.1.101.49 fd69::2 Events: <none>
Note "fd69::2" IPv6 address. Previously generated CSRs report expected IP
oc describe csr csr-792jp Name: csr-792jp Labels: <none> Annotations: <none> CreationTimestamp: Fri, 06 Jan 2023 08:03:43 -0500 Requesting User: system:node:sno-0 Signer: kubernetes.io/kubelet-serving Status: Approved,Issued Subject: Common Name: system:node:sno-0 Serial Number: Organization: system:nodes Subject Alternative Names: DNS Names: sno-0 IP Addresses: 10.1.101.49 2620:52:0:165::31 Events: <none>
Version-Release number of selected component (if applicable):
4.12.0-rc.6
How reproducible:
So far ran the procedure once
Steps to Reproduce:
1. Follow "Restore to previous cluster state" procedure on baremetal dualstack SNO cluster 2. 3.
Actual results:
Rogue IPv6 address present in CSR
Expected results:
Correct(IPv6 address configured by operator) is added into CSR
Additional info:
That's interface from SNO node: ip a s br-ex 10: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether 40:a6:b7:9a:6a:e8 brd ff:ff:ff:ff:ff:ff inet 10.1.101.49/28 brd 10.1.101.63 scope global noprefixroute br-ex valid_lft forever preferred_lft forever inet 169.254.169.2/29 brd 169.254.169.7 scope global br-ex valid_lft forever preferred_lft forever inet6 fd69::2/125 scope global nodad valid_lft forever preferred_lft forever inet6 2620:52:0:165::31/124 scope global noprefixroute valid_lft forever preferred_lft forever inet6 fe80::42a6:b7ff:fe9a:6ae8/64 scope link noprefixroute valid_lft forever preferred_lft forever After some time those CSRs were automatically approved