-
Task
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
None
-
Quality / Stability / Reliability
-
False
-
-
False
-
None
-
5
-
None
-
None
-
None
Test coverage for OCPBUGS-17528
Background
The MCO removed certificates from MachineConfig and moved them to controllerConfig:
- /etc/kubernetes/kubelet-ca.crt
- /etc/kubernetes/static-pod-resources/configmaps/cloud-config/ca-bundle.pem
- /etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt
WMCO was fixed in PR #1725 to read from controllerConfig.Spec.KubeAPIServerServingCAData instead of MachineConfig ignition.
Test Requirements
Verify that WMCO correctly provisions all three certificates on Windows nodes when they are stored in controllerConfig (not MachineConfig).
Existing Tests
- OCP-50924: Tests kubelet-ca.crt rotation but doesn't verify the source
- OCP-68320: Tests user-ca-bundle ConfigMap but not controllerConfig
- OCP-84267: Tests hybrid-overlay CA cert configuration
Related Issues
- Original QE tracking: OCPQE-16606
- Upstream fix:
OCPBUGS-17528(Closed - Done-Errata) - Fix PR: https://github.com/openshift/windows-machine-config-operator/pull/1725
- depends on
-
-
- To Do
-
- relates to
-
OCPBUGS-17528 WMCO needs to ensure it still has all necessary certs.
-
- Closed
-