Disable nodes autoreboot when the certificates of kube-apiserver-to-kubelet-signer is rotated or removed in OCP 4

Solution Verified - Updated -

Issue

  • Avoid Openshift Container Platform 4.x cluster machine autoreboot when the cluster certificate of kube-apiserver-to-kubelet-signer is rotated (automatically rotating after 80 percent of the 1 year life time, at around 292 days) or removed (at 365 days) / pausing ALL updates to any nodes on the system
  • Because of the autoreboot is managed by the cluster when the certificate of kube-apiserver-to-kubelet-signer is rotated or removed. If the autoreboot which is unwanted at that moment, it can be paused by the Administrator.

Environment

  • Red Hat Openshift Container Platform (RHOCP)
    • 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content