Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-17062

Octavia client cert validity period is too short

XMLWordPrintable

    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • octavia-operator-container-1.0.12-4
    • None
    • Critical

      To Reproduce Steps to reproduce the behavior:

      Octavia client certs are not being renewed. This already happened in few of our development environments. This causes issues with provisioning new amphoras, as octavia-worker is unable to establish tls connection to the vms.

      ❯ oc get secret octavia-certs-secret -o json | jq -r '.data."client.cert-and-key.pem"' | base64 -d | openssl x509 -noout -dates
      notBefore=Apr 25 08:29:08 2025 GMT
      notAfter=May 25 08:29:08 2025 GMT

      ❯ oc get openstackversions.core.openstack.org

      NAME TARGET VERSION AVAILABLE VERSION DEPLOYED VERSION
      openstack-control-plane 18.0.6-20250403.1 18.0.8-20250505.2 18.0.6-20250403.1

      Expected behavior

      Octavia client certs should be renewed

      Bug impact

      Octavia is unable to manage and create amphoras

      Additional context

      RHOSO FR2 Deployment with DCN/DZ architecture

              rhn-support-gthiemon Gregory Thiemonge
              smsallem@redhat.com Soumaya Msallem
              rhos-dfg-networking-squad-vans
              Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: