-
Bug
-
Resolution: Unresolved
-
Normal
-
4.20.0
-
Quality / Stability / Reliability
Description of problem:
If no hostname is specified for the kube-apiserver ingress strategy of a public AWS HostedCluster, the cluster uses the DNS name of the AWS load balancer as its public endpoint. This creates a dependence on that specific LoadBalancer for clients and serving certs. If a cluster is destroyed and later restored using a different LoadBalancer, the serving cert created for the kube-apiserver and any kubeconfigs used by the nodes are no longer valid because they use the DNS name of the previous load balancer.
Version-Release number of selected component (if applicable):
All
How reproducible:
Always
Steps to Reproduce:
1. Create an AWS Public HostedCluster
2. Back up the cluster and destroy it
3. Restore the cluster
Actual results:
The cluster nodes fail to come up because they can no longer talk to the kube apiserver.
Expected results:
The cluster comes back up successfully.
Additional info:
This is not an issue with PublicAndPrivate and Private clusters because they rely on internal names for the Kube API server endpoint.
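A pre-backup check for the condition described in this report, as an added example that is not part of the original report or of HyperShift's own code. It assumes the HostedCluster fields `spec.platform.aws.endpointAccess` (taken to default to `Public`) and `spec.services[].servicePublishingStrategy.{loadBalancer,route}.hostname` from the HyperShift API; the manifests, hostnames and finding names are constructed.

```python
from urllib.parse import urlparse

def apiserver_hostname(hc):
    """Return the hostname pinned for the APIServer service, or None."""
    for svc in hc.get("spec", {}).get("services", []):
        if svc.get("service") != "APIServer":
            continue
        strategy = svc.get("servicePublishingStrategy", {})
        for key in ("loadBalancer", "route"):
            host = (strategy.get(key) or {}).get("hostname")
            if host:
                return host.lower()
    return None

def restore_findings(hc, kubeconfig_server, cert_sans, current_lb_dns):
    """Flag a HostedCluster whose API endpoint is tied to one load balancer."""
    findings = []
    aws = hc.get("spec", {}).get("platform", {}).get("aws", {})
    access = aws.get("endpointAccess", "Public")  # assumed API default
    pinned = apiserver_hostname(hc)
    if access == "Public" and pinned is None:
        # Endpoint falls back to the load balancer's own DNS name.
        findings.append("no-stable-hostname")
    expected = pinned or current_lb_dns.lower()
    if expected not in {s.lower() for s in cert_sans}:
        findings.append("serving-cert-stale")
    if urlparse(kubeconfig_server).hostname != expected:
        findings.append("kubeconfig-endpoint-stale")
    return findings

# Constructed sample data: load balancer names before and after a restore.
OLD_LB = "a1b2-old.elb.us-east-1.amazonaws.com"
NEW_LB = "c3d4-new.elb.us-east-1.amazonaws.com"
HC_UNPINNED = {"spec": {
    "platform": {"type": "AWS", "aws": {"endpointAccess": "Public"}},
    "services": [{"service": "APIServer",
                  "servicePublishingStrategy": {"type": "LoadBalancer"}}]}}
HC_PINNED = {"spec": {
    "platform": {"type": "AWS", "aws": {"endpointAccess": "Public"}},
    "services": [{"service": "APIServer",
                  "servicePublishingStrategy": {
                      "type": "LoadBalancer",
                      "loadBalancer": {"hostname": "api.hc1.example.com"}}}]}}

if __name__ == "__main__":
    print(restore_findings(HC_UNPINNED, f"https://{OLD_LB}:6443", [OLD_LB], NEW_LB))
    print(restore_findings(HC_PINNED, "https://api.hc1.example.com:6443",
                           ["api.hc1.example.com"], NEW_LB))
```

Run before the backup, `no-stable-hostname` alone identifies clusters that would hit this bug on restore; the two `stale` findings appear only once the load balancer has changed.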
- relates to
-
OCPBUGS-59876 Restoring AWS cluster via OADP results in nodes not ready
-
- ASSIGNED