
Ignition Server certificate secrets deleted if disable-pki-reconciliation annotation is present


    • Bug
    • Resolution: Done
    • Normal
    • 4.20.0
    • 4.20, 4.21
    • HyperShift
    • Quality / Stability / Reliability
    • In Progress
    • Release Note Not Required
    • Before this update, deploying hosted control planes 4.20+ with user-supplied `ignition-server-serving-cert` and `ignition-server-ca-cert` secrets, along with the `disable-pki-reconciliation` annotation, caused the system to remove the user-supplied ignition secrets and the `ignition-server` pods to fail. With this release, the `ignition-server` secrets are preserved during reconciliation after removing the delete action for the `disable-pki-reconciliation` annotation, ensuring `ignition-server` pods start up completely. (link:https://issues.redhat.com/browse/OCPBUGS-62006[OCPBUGS-62006])

      This is a clone of issue OCPBUGS-61776. The following is the description of the original issue:

      Description of problem:

      If the disable-pki-reconciliation annotation is present, the ignition-server-serving-cert and ignition-server-ca-cert secrets are deleted during ignition-server reconciliation. This prevents ignition-server pods from starting up completely.

      Version-Release number of selected component (if applicable):

      4.20, 4.21

      How reproducible:

      Always

      Steps to Reproduce:

       
      1. Create 4.20 HostedCluster with user-supplied ignition-server-serving-cert and ignition-server-ca-cert secrets, as well as the disable-pki-reconciliation annotation
          

      Actual results:

      control-plane-operator deletes the user-supplied secrets, ignition-servers won't start up completely
          

      Expected results:

      User-supplied secrets are preserved, ignition-server pods start up completely
          

      Additional info:

          

              mate-lajko Máté Lajkó (Inactive)
              Zheng Feng