Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: 4.20.0
Affects Version/s: 4.18, 4.19, 4.20
Component/s: HyperShift
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Critical
Regression:
Yes

Target Backport Versions:

4.18.z, 4.19.z
Target Version:

4.20.0
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Release Note Status:
In Progress
Release Note Type:
Bug Fix
Release Note Text:
Without this fix, the HyperShift Operator would validate the Kubernetes API Servers Subject Alternative Names in all cases. With the fix, this is only done if PKI reconciliation is not disabled.

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    The validation of the OCP API Server SANs https://github.com/openshift/hypershift/blob/13e0d5f146e2dbe41a9c8881ea3aef15062e9bf7/hypershift-operator/controllers/hostedcluster/validations/ocpapiserver.go#L26c should only be done when Hypershift is managing the PKI reconciliation. 

The validation was introduced in: https://github.com/openshift/hypershift/pull/6091

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

blocks

OCPBUGS-56562 Validate OCP API Server info only if reconciling KPI

Closed

is cloned by

OCPBUGS-56562 Validate OCP API Server info only if reconciling KPI

Closed

links to

openshift/hypershift#6171: OCPBUGS-56457: Do not validate OCP API Server SANS if PKI reconciliation is disabled

Assignee:: Ryan Cradick

Reporter:: Ryan Cradick

Need Info From:: None

Contributors:: None

QA Contact:: Ke Wang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2025/05/19 9:01 PM

Updated:: 2025/09/19 2:32 PM