Node NotReady due to Unauthorized failure creating a new CSR in OpenShift 4.x

Solution Verified - Updated -

Issue

OpenShift 4.2 or 4.3 Node is reporting NotReady:

$ oc get nodes
NAME                            STATUS     ROLES    AGE   VERSION
(...)
worker-6j98d   NotReady   worker   22h   v1.16.2
(...)

The following error is reported in kubelet service logs on he affected node

[root@worker-6j98d ~]$ journalctl -u kubelet
(...)
May 02 07:22:45 worker-6j98d hyperkube[3046]: E0502 07:22:45.244413    3046 certificate_manager.go:385] Failed while requesting a signed certificate from the master: cannot create certificate signing request: Unauthorized
(...)

Missing /var/lib/kubelet/pki directory or /var/lib/kubelet/kubeconfig file on the affected node.

Environment

  • Red Hat OpenShift Container Platform 4.2
  • Red Hat OpenShift Container Platform 4.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content