-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.19.z
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Moderate
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
The kube-apiserver-check-endpoints container, used for the check-endpoint service on port 17697, is generating a certificate with a validity of just 1 second in RHOCP v4.19. In contrast, previous RHOCP versions (verfied from 4.14 to 4.18) produces a certificate with a validity of 1 month. The discrepancy could be a result of a change introduced in RHOCP v4.19, but it is unclear whether this is intended behavior or a bug.
Version-Release number of selected component (if applicable):
RHOCP v4.19
How reproducible:
1. Deploy an OpenShift cluster - version 4.19.z. 2. Access the terminal for the kube-apiserver-check-endpoints container within the openshift-kube-apiserver namespace using the console. 3. Run the following command to check certificate validity: curl -vk https://127.0.0.1:17697
Steps to Reproduce:
1. Deploy an OpenShift cluster - version 4.19.z. 2. Access the terminal for the kube-apiserver-check-endpoints container within the openshift-kube-apiserver namespace using the console. 3. Run the following command to check certificate validity: curl -vk https://127.0.0.1:17697
Actual results:
# curl -kv https://127.0.0.1:17697 ... start date: Sep 29 06:36:35 2025 GMT expire date: Sep 29 06:36:36 2025 GMT ...
Expected results:
Additional info:
