Redeploy certificates for service catalog components in OCP 3.9 and 3.11
Issue
- Certificate inside
etcd-auth-secret
is about to expire. - Renew certificate for
openshift-ansible-service-broker
. -
After renewing the OpenShift Container Platform Master certificate, the atomic-openshift-master-controller logs the following error:
Aug 04 11:24:49 server.local.host atomic-openshift-master-controllers[41971]: F0804 11:24:49.664755 41971 start_master.go:656] Error starting "openshift.io/cluster-quota-reconciliation" (failed to discover resources: unable to retrieve the complete list of server APIs: servicecatalog.k8s.io/v1beta1: an error on the server ("Error: 'x509: certificate has expired or is not yet valid'\nTrying to reach: 'https://1.2.3.4:443/apis/servicecatalog.k8s.io/v1beta1?timeout=32s'") has prevented the request from succeeding)
- In OCP 3.11 there is no way to redeploy service catalog certificates
Environment
- Red Hat OpenShift Container Platform (OCP)
- 3.9
- 3.11
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.