May 09, 2019
If you are a serial upgrader like me, you may have found that at one point during your 3.10.xx patching (say 3.10.119) you hit this error during the data plane upgrade:
Turns out this was because the start up of
atomic-openshift-node failed to generate a CSR.
And why is that? It is because
/etc/origin/node/bootstrap.kubeconfig is out of date. Why is this? A bug in the upgrade apparently.
The fix is the same as it would be to replace the node certificates. There is a handy knowledgebase article for this.
Here is a playbook to replace bootstrap.kubeconfig and node certificates.
Here are the two tasks which were included above.