OCPBUGS55748 Nodes become temporarily after updating only the trusted CA bundle #95125
Conversation
openshift-ci
bot
added
the
size/XS
|
@dkhater-redhat PTAL |
|
🤖 Wed Jun 25 16:14:22 - Prow CI generated the docs preview: |
|
lgtm |
|
looks good |
mburke5678
added
the
peer-review-needed
lahinson
added
peer-review-in-progress
| If you update only the trusted CA for your cluster, the MCO updates the `/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt` file and the Machine Config Controller (MCC) applies the trusted CA update to each node so that a node reboot is not required. Changing any other parameter in the `openshift-config-user-ca-bundle.crt` file, such as `noproxy`, results in the MCO rebooting each node in your cluster. | ||
| If you update only the trusted CA for your cluster, the MCO updates the `/etc/pki/ca-trust/source/anchors/openshift-config-user-ca-bundle.crt` file and the Machine Config Controller (MCC) applies the trusted CA update to each node so that a node reboot is not required. However, with these changes, the Machine Config Daemon (MCD) restarts critical services on the node, such as kubelet and CRI-O. These service restarts cause each node to briefly enter the `NotReady` state until the service is fully restarted. | ||
| Changing any other parameter in the `openshift-config-user-ca-bundle.crt` file, such as `noproxy`, results in the MCO rebooting each node in your cluster. |
There was a problem hiding this comment.
| Changing any other parameter in the `openshift-config-user-ca-bundle.crt` file, such as `noproxy`, results in the MCO rebooting each node in your cluster. | |
| If you change any other parameter in the `openshift-config-user-ca-bundle.crt` file, such as `noproxy`, the MCO reboots each node in your cluster. |
Suggestion to use second person to better engage the reader. Reference: https://www.ibm.com/docs/en/ibm-style?topic=grammar-verbs#second-person
lahinson
left a comment
lahinson
left a comment
There was a problem hiding this comment.
LGTM. Just one comment for your consideration.
lahinson
added
peer-review-done
mburke5678
force-pushed
the
mco-not-ready-update-trusted-ca
branch
from
8e492e6 to
5ba8e70
Compare
|
@mburke5678: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cherrypick enterprise-4.14 |
|
@mburke5678: new pull request created: #95225 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95226 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95227 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95228 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95229 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95230 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@mburke5678: new pull request created: #95231 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
6 participants
https://issues.redhat.com/browse/OCPBUGS-55748
Link to docs preview:
Replacing the default ingress certificate -> Updated note in Step 2.
Version(s):
4.14+
QE review:
Additional information:
<!--- Optional: Include additional context or expand the description here.--->