It was seen that during a SX-DX migration, k8s certificate is missing
controller-0's cluster host IP in SANs. This is making problems on
controller-0 after it unlocks as duplex.
This change updates platform::kubernetes::certsans::runtime to add
controller-0 and controller-1 cluster host IP in the config file
used when regenerating apiserver cert files.
Test Plan:
PASS: run a migration on AIO-SX standalone and AIO-SX subcloud.
PASS: Swact to make controller-1 as active, modify OAM IP,
check apiserver.crt on both controllers, and verify cluster host IP for
both controllers are added in SANs.
Reviewed: https:/ /review. opendev. org/c/starlingx /stx-puppet/ +/839394 /opendev. org/starlingx/ stx-puppet/ commit/ 0709f70b023bad9 17f594805a1a00e f33faaf10e
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 0709f70b023bad9 17f594805a1a00e f33faaf10e
Author: Enzo Candotti <email address hidden>
Date: Tue Apr 26 11:38:12 2022 -0300
Upgrade k8s certificates during SX-DX migration
It was seen that during a SX-DX migration, k8s certificate is missing
controller-0's cluster host IP in SANs. This is making problems on
controller-0 after it unlocks as duplex.
This change updates platform: :kubernetes: :certsans: :runtime to add
controller-0 and controller-1 cluster host IP in the config file
used when regenerating apiserver cert files.
Test Plan:
PASS: run a migration on AIO-SX standalone and AIO-SX subcloud.
PASS: Swact to make controller-1 as active, modify OAM IP,
check apiserver.crt on both controllers, and verify cluster host IP for
both controllers are added in SANs.
Closes-bug: 1970443
Signed-off-by: Enzo Candotti <email address hidden> 439da737ade8a5a 0e57b96f673
Change-Id: I2e225df2c402f4