Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: 4.13.0, 4.14.0
Affects Version/s: 4.13
Component/s: MicroShift
Labels:
None

Regression:
No
Sprint:
uShift Sprint 233
sprint_count:
1
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:
The certificate authorities used to generate kubeconfig files for MicroShift's embedded components are reconfigured to ensure the kubeconfigs are independent.
Release Note Type:
Bug Fix
Target Version:

4.14.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

All kubeconfigs are using a CA bundle including all 3 different signers: service network, localhost and external. This makes kubeconfigs interchangeable and capable of validating for other networks than the ones they are intended to be used.
Each kubeconfig shall use the signer for the network it belongs to.

Version-Release number of selected component (if applicable):

4.13

How reproducible:

Install MicroShift, then check the CAs for all generated kubeconfigs under /var/lib/microshift/resources/kubeadmin

Steps to Reproduce:

1.
2.
3.

Actual results:

Same CA in all kubeconfigs

Expected results:

Specific network CA for each kubeconfig

Additional info:

blocks

OCPBUGS-10223 kubeconfig CA includes all signers

Closed

is cloned by

OCPBUGS-10223 kubeconfig CA includes all signers

Closed

links to

openshift/microshift#1440: OCPBUGS-8301: Use correct CAs in kubeconfig files

RHSA-2023:5008 OpenShift Container Platform 4.14.z security update

mentioned on

Merge request - Change to handle certificate change (OCPBUGS-8301)

Assignee:: Pablo Acevedo Montserrat

Reporter:: Pablo Acevedo Montserrat

QA Contact:: Rahul Gangwar

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2023/03/03 3:41 PM

Updated:: 2023/10/31 2:20 PM

Resolved:: 2023/10/31 2:20 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates