This is a clone of issue OCPBUGS-59285. The following is the description of the original issue:
—
This is a clone of issue OCPBUGS-55404. The following is the description of the original issue:
—
Description of problem:
When deploying Single Node OpenShift (SNO) via ZTP in release 4.18 with multiple IPs on the primary interface, the apiserver pod fails due to attempting to connect to etcd using an IP address that's not included in the etcd certificate. The `etcd-pod` ConfigMap contains mixed IPs.
Version-Release number of selected component (if applicable):
4.18
How reproducible:
100% reproducible under described conditions.
Steps to Reproduce:
1. Deploy SNO via Assisted Install (ZTP) with multiple IPs assigned to the primary interface.
2. Observe apiserver pod failure during cluster initialization.
3. Check apiserver logs for TLS certificate validation errors.
Actual results:
Apiserver logs show error:
```
W0427 08:27:14.383902 1 logging.go:55] [core] [Channel #1 SubChannel #4]grpc: addrConn.createTransport failed to connect to {Addr: "<masked>.13:2379", ServerName: "<masked>.13:2379", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate is valid for <masked>.11, 127.0.0.1, ::1, not <masked>.13"
```
Expected results:
`ETCDCTL_ENDPOINTS` in the ConfigMap (the IP used by the apiserver to connect to etcd) should match the IP in the certificate.
Additional info:
- clones: OCPBUGS-59285 [4.19] SNO with Multiple address on the primary interface, apiserver while trying to contact etcd is using an IP which is not present in cert. (Closed)
- is blocked by: OCPBUGS-59285 [4.19] SNO with Multiple address on the primary interface, apiserver while trying to contact etcd is using an IP which is not present in cert. (Closed)
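
The mismatch reported above can be checked directly by testing each endpoint host against the serving certificate's SANs. The following is an added example, not part of the original issue or of any OpenShift code: the helper names `sampleCert` and `uncoveredEndpoints`, the 192.0.2.x addresses, and the comma-separated URL form of the endpoint list are assumptions, and the certificate is a constructed self-signed sample.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/url"
	"strings"
	"time"
)

// sampleCert builds a constructed, self-signed certificate carrying the given IP SANs.
func sampleCert(ips ...net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IPAddresses: ips,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncoveredEndpoints returns every endpoint whose host the certificate does not cover.
// Entries that do not parse as URLs (for example, a bare host:port) are reported too.
func uncoveredEndpoints(cert *x509.Certificate, endpoints string) []string {
	var bad []string
	for _, ep := range strings.Split(endpoints, ",") {
		u, err := url.Parse(strings.TrimSpace(ep))
		if err != nil || u.Hostname() == "" || cert.VerifyHostname(u.Hostname()) != nil {
			bad = append(bad, ep)
		}
	}
	return bad
}

func main() {
	cert, err := sampleCert(net.ParseIP("192.0.2.11"), net.ParseIP("127.0.0.1"), net.ParseIP("::1"))
	if err != nil {
		panic(err)
	}
	fmt.Println(uncoveredEndpoints(cert, "https://192.0.2.11:2379,https://192.0.2.13:2379"))
}
```

An empty result means every endpoint host appears in the certificate's SANs; any entry returned would fail the TLS handshake the same way as in the log above.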