Kubernetes Control Plane Charm

Regenerating Keystone certificates causes "Unauthorized" errors

Bug #1906545 reported by Peter De Sousa on 2020-12-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Kubernetes Control Plane Charm	Triaged	Medium	Unassigned

Bug Description

Hi,

When following the steps in: https://ubuntu.com/kubernetes/docs/ldap, if the certificates for the Keystone endpoints are re-generated and re-applied to the kubernetes-master unit and the keystone units, kubectl will fail to login always and return "Unauthorized".

Workaround:

Remove the keystone kubernetes-master relation completely, then re-add.

To do this run:

watch -n 20 juju remove-relation kubernetes-master keystone

Until "ERROR" is shown.

Then re-add the relation with juju add-relation kubernetes-master keystone

Cheers,

Peter

See original description

Revision history for this message

George Kraft (cynerva) wrote on 2020-12-03:

What charm revisions did you encounter this with?

Changed in charm-kubernetes-master:
status:	New → Incomplete

Revision history for this message

Peter De Sousa (pjds) wrote on 2020-12-03:

versioned_overlay.yaml Edit (1.5 KiB, text/plain)

Hi George,

The charm versions are attached as a versioned overlay, bundle to follow.

Revision history for this message

Peter De Sousa (pjds) wrote on 2020-12-03:

bundle.yaml Edit (16.2 KiB, text/plain)

Bundle attached

George Kraft (cynerva) on 2020-12-03

Changed in charm-kubernetes-master:
status:	Incomplete → New

George Kraft (cynerva) on 2020-12-15

Changed in charm-kubernetes-master:
importance:	Undecided → Medium
status:	New → Triaged

Peter De Sousa (pjds) on 2021-01-05

description:

updated

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.