Last active
July 31, 2023 15:17
-
-
Save fenar/58ab59311bae109f8fe80beceea5178a to your computer and use it in GitHub Desktop.
OCP-SNO Bootstrap Fails due to pending CSRs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Error: kubelet_node_status "unable to register node with api server" err="nodes is forbidden: user \"system:anonymous\" cannot create resource \"nodes\" in api group \"\" at the cluster scope" | |
<br> | |
$ oc get csr | |
<br> | |
''' | |
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION | |
csr-7vmxb 33m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending | |
csr-c2hc8 8m5s kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending | |
csr-nd65q 23m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending | |
csr-zvv46 29m kubernetes.io/kube-apiserver-client-kubelet system:serviceaccount:openshift-machine-config-operator:node-bootstrapper <none> Pending | |
local-cluster-9zrxz 2d7h kubernetes.io/kube-apiserver-client system:open-cluster-management:local-cluster:2dqwk <none> Approved,Issued | |
sandbox01-6bvt6 34m kubernetes.io/kube-apiserver-client system:serviceaccount:sandbox01:sandbox01-bootstrap-sa <none> Pending | |
system:openshift:openshift-authenticator-mnk57 2d7h kubernetes.io/kube-apiserver-client | |
''' | |
<br> | |
$ oc get csr -o go-template='{{range .items}}{{if not .status}}{{.metadata.name}}{{"\n"}}{{end}}{{end}}' | xargs oc adm certificate approve | |
<br> | |
Make sure nothing is in pending still! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment