-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.19.z
Description of problem:
Follow https://issues.redhat.com/browse/OCPBUGS-63353?focusedId=28533535&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-28533535 , need a separate bug to track.
The ValidAWSIdentityProvider status in HC incorrectly remains True even when KAS changes to unavailable. In contrast, the ValidAWSIdentityProvider status in HCP accurately changes to Unknown. This inconsistency requires synchronization so that the HC status correctly reflects the unavailability, matching the HCP behavior.
Version-Release number of selected component (if applicable):
4.21.0-0.nightly-2025-11-22-193140
How reproducible:
always
Steps to Reproduce:
1. Install a hcp in aws, and wait hcp installed successfully
2. Break KAS, make it unavaliable
3. Monitor the ValidAWSIdentityProvider status in HC and HCP
Actual results:
ValidAWSIdentityProvider in HCP change to Unknown, ValidAWSIdentityProvider is still in True.
oc set resources deploy/kube-apiserver --limits=cpu=10m,memory=50Mi \
--requests=cpu=10m,memory=50Mi
deployment.apps/kube-apiserver resource requirements updated
oc scale deployment/kube-apiserver --replicas=0
deployment.apps/kube-apiserver scaled
oc get pods -l app=kube-apiserver
NAME READY STATUS RESTARTS AGE
kube-apiserver-7d5b688df8-2tlkx 4/5 CrashLoopBackOff 8 (57s ago) 12m
❯ oc get hostedcluster -n clusters ${CLUSTER_NAME} -o jsonpath='{.status.conditions[?(@.type=="KubeAPIServerAvailable")]}' | jq
{
"lastTransitionTime": "2025-11-25T03:35:44Z",
"message": "Waiting for Kube APIServer deployment to become available",
"observedGeneration": 3,
"reason": "WaitingForAvailable",
"status": "False",
"type": "KubeAPIServerAvailable"
}
oc get hostedcontrolplane ${CLUSTER_NAME} -n clusters-${CLUSTER_NAME} -o jsonpath='{.status.conditions[?(@.type=="ValidAWSIdentityProvider")]}' | jq
{
"lastTransitionTime": "2025-11-25T03:40:33Z",
"message": "Cannot validate AWS identity provider while KubeAPIServer is not available",
"observedGeneration": 1,
"reason": "StatusUnknown",
"status": "Unknown",
"type": "ValidAWSIdentityProvider"
}
❯ oc get hostedcluster -n clusters ${CLUSTER_NAME} -o jsonpath='{.status.conditions[?(@.type=="ValidAWSIdentityProvider")]}' | jq
{
"lastTransitionTime": "2025-11-25T03:30:32Z",
"message": "All is well",
"observedGeneration": 3,
"reason": "AsExpected",
"status": "True",
"type": "ValidAWSIdentityProvider"
}
oc get hc -A
NAMESPACE NAME VERSION KUBECONFIG PROGRESS AVAILABLE PROGRESSING MESSAGE
clusters wxj-25-oidc wxj-25-oidc-admin-kubeconfig Partial False False Waiting for Kube APIServer deployment to become available
❯ oc get np -A
NAMESPACE NAME CLUSTER DESIRED NODES CURRENT NODES AUTOSCALING AUTOREPAIR VERSION UPDATINGVERSION UPDATINGCONFIG MESSAGE
clusters wxj-25-oidc-us-east-2a wxj-25-oidc 2 0 False False 4.21.0-0.nightly-2025-11-22-193140 False False Minimum availability requires 2 replicas, current 0 available
Expected results:
HC should keep same status with HCP
Additional info: