-
Bug
-
Resolution: Unresolved
-
Critical
-
4.19.z
Currently, the MCO uses the infrastructure status to infer the hostnames during cert management. In ARO, those fields don't exist, so when the MCO's cert reconcile loop runs on upgrade to 4.19, it refreshes the cert without the required SAN IPs.
The certcontroller in the MCO is vendored from library-go, which uses annotations on the secret to determine if the certs are due for rotation. Clusters in <4.18 do not have these annotations; and hence will have an immediate rotation when upgraded. 4.19 installer creates the secret with these annotations; so we will not see an immediate rotation when the MCO comes up during 4.19 installation and
See https://issues.redhat.com/browse/ARO-20086 for some more context.
- blocks
-
OCPBUGS-59978 ARO clusters cannot scale on upgrade to 4.19
-
- Closed
-
- is cloned by
-
OCPBUGS-59978 ARO clusters cannot scale on upgrade to 4.19
-
- Closed
-
- links to