cert-mon fails to monitor platform cert changes
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
StarlingX | Fix Released | High | Kyle MacLeod | |
Bug Description
Brief Description
Cert-mon is not monitoring the platform certs; there might be other areas where cert-mon is involved that are broken.
Severity
major
Steps to Reproduce
1) create the following
---
apiVersion: v1
data:
  tls.crt: LS0tLS1CRUdJTiB
  tls.key: LS0tLS1CRUdJTiB
kind: Secret
metadata:
  name: stepca-ica-secret
  namespace: deployment
type: kubernetes.io/tls
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: stepca-issuer
  namespace: deployment
spec:
  ca:
    secretName: stepca-ica-secret
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: system-
  namespace: deployment
spec:
  secretName: system-
  dnsNames:
  - cgcs-r430-
  ipAddresses:
  - 128.224.150.49
  - 192.168.204.1
  issuerRef:
    name: stepca-issuer
    kind: Issuer
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: system-
  namespace: deployment
spec:
  secretName: system-
  dnsNames:
  - registry.local
  - registry.central
  ipAddresses:
  - 128.224.150.49
  - 192.168.204.1
  issuerRef:
    name: stepca-issuer
    kind: Issuer
---
2) apply the config
3) verify certs are issued
[sysadmin@
NAMESPACE NAME READY SECRET AGE
deployment system-
deployment system-
deployment system-
platform-
[sysadmin@
4) when the "system-
Expected Behavior
platform certs are monitored by cert-mon
Actual Behavior
cert-mon fails to monitor platform cert changes
Reproducibility
100%
System Configuration
r730_1-2
[sysadmin@
SW_VERSION="22.12"
BUILD_TARGET="Host Installer"
BUILD_TYPE="Formal"
BUILD_ID=
SRC_BUILD_
BUILD_BY="jenkins"
BUILD_NUMBER="178"
BUILD_HOST=
BUILD_DATE=
Last Pass
2022-11-27 23:00:09 +0000, 22.12 build
Timestamp/Logs
/folk/cgts_
Alarms
na
Test Activity
random testing
Workaround
Describe workaround if available
Changed in starlingx:
assignee: nobody → Kyle MacLeod (kmacleod)
importance: Undecided → Medium
importance: Medium → High
tags: added: stx.8.0 stx.config stx.security
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/866202