cert-rotation cron job doesn't renew certs in 3 conf files
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Andy |
Bug Description
Brief Description
-----------------
cert-rotation cron job doesn't renew certs in admin.conf, scheduler.conf, controller-
Severity
--------
<Critical: System/Feature is not usable due to the defect>
Steps to Reproduce
------------------
- Update apiserver.crt to have expiry date within 90 days (10 days for example)
- Let the system run over night (the kube cert rotation cron job runs every day at midnight)
- Check kube certificate expiration by
kubeadm alpha certs check-expiration
Expected Behavior
------------------
The admin.conf should be updated and have 364 days before expiration.
Actual Behavior
----------------
The cert in admin.conf doesn't get renewed and still have the original expiry date.
Reproducibility
---------------
100% reproducible
System Configuration
-------
Any
Branch/Pull Time/Commit
-------
stx master
Last Pass
---------
Unknown
Timestamp/Logs
--------------
/var/log/cron.log
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
2021-04-
Test Activity
-------------
Developer Testing
Workaround
----------
Manually renew cert in admin.conf, scheduler.conf, controller-
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
tags: | added: stx.config stx.security |
tags: | added: stx.6.0 |
Changed in starlingx: | |
importance: | Undecided → High |
Fix proposed to branch: master /review. opendev. org/c/starlingx /config/ +/802610
Review: https:/