Certificate cluster-host unit IP is removed from the SAN list after OAM IP change
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andy |
Bug Description
Brief Description
-----------------
On a SX system, after its OAM IP address changes, new kubernetes app deployment will fail. kube-scheduler and kube-controller
2023-10-
Severity
--------
Critical: System/Feature is not usable due to the defect
Steps to Reproduce
------------------
- On a AIO-SX system, change OAM IP address by:
system oam-modify oam_ip=<new IP>"
- Apply app, the app deployment will fail with certificate errors.
- Check /etc/kubernetes
Expected Behavior
------------------
- App deployment is successful
- cluster-host unit IP address is in apiserver cert's SAN list.
Actual Behavior
----------------
- App deployment fails.
- cluster-host unit IP address is missing from apiserver cert's SAN list.
Reproducibility
---------------
100% reproducible.
System Configuration
-------
One node system.
Branch/Pull Time/Commit
-------
STX master.
Last Pass
---------
Unknown.
Timestamp/Logs
--------------
See Description for the errors in logs.
Test Activity
-------------
Regression Testing.
Workaround
----------
N/A
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.9.0 stx.config stx.security |
Fix proposed to branch: master /review. opendev. org/c/starlingx /stx-puppet/ +/900376
Review: https:/