BugZero found this defect 587 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
4/25/2024
F5OS
F5OS Velos
F5OS-C 1.3.1
F5OS-C 1.3.2
F5OS-C 1.5.0
F5OS-C 1.6.0
F5OS-C 1.5.1
See https://support.f5.com/csp/article/K64001020 The kubelet-server and kubelet-client certificates on each blade and controller expire after 365 days and are not automatically renewed when they expire. ... When the blade kubelet-server and kubelet-client certificates expire, the blade(s) will go offline in the openshift cluster, and be re-added to the Openshift cluster by the orchestration-manager daemon. ... This will cause a tenant outage. ... Impact ... The blade(s) will go offline in the Openshift cluster and be re-added to the Openshift cluster by the orchestration-manager daemon. ... This will cause a tenant outage, and the tenants may not restart correctly after the blades have been re-added to the cluster. ... Conditions ... Any system where the Openshift cluster was installed with a release of 1.5.0 or earlier. ... Workaround ... The renew_nodes.sh script mentioned in K64001020 can be used to renew the kubelet-server and kubelet-client certificates for one more year. ... I...