$ oc get csr
No resources found in default namespace.
$ oc get nodes
NAME STATUS ROLES AGE VERSION
compute-0 Ready worker 43d v1.16.2
compute-1 Ready worker 123d v1.16.2
master-0 Ready infra,master,worker 123d v1.16.2
master-1 Ready master,worker 123d v1.16.2
master-2 Ready master,worker 123d v1.16.2
$ virsh list
Id Name State
----------------------------------------------------
32 demo-master-0 running
33 demo-master-1 running
34 demo-master-2 running
35 demo-compute-0 running
36 demo-compute-1 running./docs/add-node/add-node-rhcos.yaml -e @cluster-demo.yaml
$ virsh list
Id Name State
----------------------------------------------------
32 demo-master-0 running
33 demo-master-1 running
34 demo-master-2 running
35 demo-compute-0 running
36 demo-compute-1 running
43 demo-compute-4 running
Wait for node try to join!
$ oc get csr
NAME AGE REQUESTOR CONDITION
csr-2whmp 36s system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Pending
$ oc get node
NAME STATUS ROLES AGE VERSION
compute-0 Ready worker 43d v1.16.2
compute-1 Ready worker 124d v1.16.2
master-0 Ready infra,master,worker 124d v1.16.2
master-1 Ready master,worker 124d v1.16.2
master-2 Ready master,worker 124d v1.16.2
$ oc get csr/csr-2whmp -o yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-03-27T14:10:08Z"
generateName: csr-
name: csr-2whmp
resourceVersion: "69609347"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/csr-2whmp
uid: 79174976-bca7-4c2a-b797-0e2eb6ad22ba
spec:
groups:
- system:serviceaccounts
- system:serviceaccounts:openshift-machine-config-operator
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIek1JR1pBZ0VBTURjeEZUQVRCZ05WQkFvVERITjVjM1JsYlRwdWIyUmxjekVlTUJ3R0ExVUVBeE1WYzNsegpkR1Z0T201dlpHVTZZMjl0Y0hWMFpTMDFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU0YkNMCnVpUjdQL1RGcmJnd2lUejVsUHZEa2ZWcFFIUzZBd2VLSjJmWTVSemlzM2dEajJncUp6eXdTR05zelJGNFhUMVkKdWhLMGpCaDZEKzAvM2N5SWM2QUFNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUURSbGVFMkEwU0wrSWNkdzlCZgpIY3ozMEtxTzBudmFIL05QNnE3anpHTGtDd0loQU5FSEFPOFR3NkJvRTV1ZVY4NG9IYmhxT0lhV1U5QWMwekQ3CkpUSU84cUN5Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
uid: 7e1d672a-0ec4-11ea-9e24-525400a83202
usages:
- digital signature
- key encipherment
- client auth
username: system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
status: {}
$ oc get csr/csr-2whmp -o yaml | grep request: | awk '{ print $2}' | base64 -d | openssl req -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=system:nodes, CN=system:node:compute-5
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:e1:b0:8b:ba:24:7b:3f:f4:c5:ad:b8:30:89:3c:
f9:94:fb:c3:91:f5:69:40:74:ba:03:07:8a:27:67:
d8:e5:1c:e2:b3:78:03:8f:68:2a:27:3c:b0:48:63:
6c:cd:11:78:5d:3d:58:ba:12:b4:8c:18:7a:0f:ed:
3f:dd:cc:88:73
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:d1:95:e1:36:03:44:8b:f8:87:1d:c3:d0:5f:
1d:cc:f7:d0:aa:8e:d2:7b:da:1f:f3:4f:ea:ae:e3:cc:62:e4:
0b:02:21:00:d1:07:00:ef:13:c3:a0:68:13:9b:9e:57:ce:28:
1d:b8:6a:38:86:96:53:d0:1c:d3:30:fb:25:32:0e:f2:a0:b2
$ oc adm certificate approve csr/csr-2whmp
certificatesigningrequest.certificates.k8s.io/csr-2whmp approved
$ oc get csr/csr-2whmp -o yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-03-27T14:10:08Z"
generateName: csr-
name: csr-2whmp
resourceVersion: "69610827"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/csr-2whmp
uid: 79174976-bca7-4c2a-b797-0e2eb6ad22ba
spec:
groups:
- system:serviceaccounts
- system:serviceaccounts:openshift-machine-config-operator
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIek1JR1pBZ0VBTURjeEZUQVRCZ05WQkFvVERITjVjM1JsYlRwdWIyUmxjekVlTUJ3R0ExVUVBeE1WYzNsegpkR1Z0T201dlpHVTZZMjl0Y0hWMFpTMDFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUU0YkNMCnVpUjdQL1RGcmJnd2lUejVsUHZEa2ZWcFFIUzZBd2VLSjJmWTVSemlzM2dEajJncUp6eXdTR05zelJGNFhUMVkKdWhLMGpCaDZEKzAvM2N5SWM2QUFNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUURSbGVFMkEwU0wrSWNkdzlCZgpIY3ozMEtxTzBudmFIL05QNnE3anpHTGtDd0loQU5FSEFPOFR3NkJvRTV1ZVY4NG9IYmhxT0lhV1U5QWMwekQ3CkpUSU84cUN5Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
uid: 7e1d672a-0ec4-11ea-9e24-525400a83202
usages:
- digital signature
- key encipherment
- client auth
username: system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
status:
certificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNsVENDQVgyZ0F3SUJBZ0lVWWpzdGNEem5rcUluaFNyRk83L1hsNmR0Q0VRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0pqRWtNQ0lHQTFVRUF3d2JhM1ZpWlMxamMzSXRjMmxuYm1WeVgwQXhOVGcxTWprd05qYzVNQjRYRFRJdwpNRE15TnpFME1EZ3dNRm9YRFRJd01EUXlOakEyTWpZek9Gb3dOekVWTUJNR0ExVUVDaE1NYzNsemRHVnRPbTV2ClpHVnpNUjR3SEFZRFZRUURFeFZ6ZVhOMFpXMDZibTlrWlRwamIyMXdkWFJsTFRVd1dUQVRCZ2NxaGtqT1BRSUIKQmdncWhrak9QUU1CQndOQ0FBVGhzSXU2SkhzLzlNV3R1RENKUFBtVSs4T1I5V2xBZExvREI0b25aOWpsSE9LegplQU9QYUNvblBMQklZMnpORVhoZFBWaTZFclNNR0hvUDdUL2R6SWh6bzNVd2N6QU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WSFE0RUZnUVUKaGR2L0VaMUFRZ1FublM0ODRYdWJBZzBNS0ZZd0h3WURWUjBqQkJnd0ZvQVVYeGNKRzhteXRmY3VkN0ZLcEtwQQpWUDhvcDkwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFGUm9Ia0VsWTVPYUs0MXdjZXUwbmI0ZHhLT2g1L2o5CjZpY05PenhGUnZpSm9jY2RiTnNJSE1qaXRLOXcyWnNHR2ZhQkl0QmIwNmJHTGdydVF1VW93dGIrMUJzV3hZNTcKejMzSTE3cGZIaWVTRE5ETERZSzJ1Sm9ONG9jNDBiM25EYjRiSjJ0VmprSmVkN3FuQUNVVVRDYmJnaFdpc1pPQwpOZ3ltQ3JFWG5sbXFrWHZLc0dRY2o0anhWYktkMHRsQ21MeDRIV1FBbElKQTllYTl1RnlETTlMWkc1QjBXenJvCllqNWUyWEdaVFZkVkF0OTlaN2F4M0JDNHMwU2o3RDNCUDBoUVVCOUVjUElRSG5FKzFXc1AzbGRjNnlkNnM0UkYKaUp5bTJpWkgzNnpabEtwWWZFS1VQalpiMTBVMjBxTEtGN3ZHeWFNZ1M3cDd3Vm9DTVhrVzI2cz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
conditions:
- lastUpdateTime: "2020-03-27T14:12:40Z"
message: This CSR was approved by kubectl certificate approve.
reason: KubectlApprove
type: Approved
$ oc get csr/csr-2whmp -o yaml | grep certificate: | awk '{ print $2}' | base64 -d | openssl x509 -noout -subject -issuer -dates
subject= /O=system:nodes/CN=system:node:compute-5
issuer= /CN=kube-csr-signer_@1585290679
notBefore=Mar 27 14:08:00 2020 GMT
notAfter=Apr 26 06:26:38 2020 GMT
$ oc get nodes
NAME STATUS ROLES AGE VERSION
compute-0 Ready worker 43d v1.16.2
compute-1 Ready worker 124d v1.16.2
compute-5 NotReady worker 10s v1.16.2
master-0 Ready infra,master,worker 124d v1.16.2
master-1 Ready master,worker 124d v1.16.2
master-2 Ready master,worker 124d v1.16.2
$ oc get csr
NAME AGE REQUESTOR CONDITION
csr-2whmp 3m6s system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Approved,Issued
csr-fb4hd 20s system:node:compute-5 Pending
$ oc get csr/csr-fb4hd -o yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-03-27T14:12:54Z"
generateName: csr-
name: csr-fb4hd
resourceVersion: "69610991"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/csr-fb4hd
uid: 957a58f4-cf8e-476a-b3a0-ee79d72fdfd9
spec:
groups:
- system:nodes
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQklEQ0J4Z0lCQURBM01SVXdFd1lEVlFRS0V3eHplWE4wWlcwNmJtOWtaWE14SGpBY0JnTlZCQU1URlhONQpjM1JsYlRwdWIyUmxPbU52YlhCMWRHVXROVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSVhOCkg5TTQ5d3Bja1lRQnBqRXVnY3FtNWRFZmkva0ZKLzY3b04vR09VM0dMVXk2dTROYVhFWjZZenhTWTl2MGRkRy8KcEpjVHRjV3ZWRXphS1hZZ0h2K2dMVEFyQmdrcWhraUc5dzBCQ1E0eEhqQWNNQm9HQTFVZEVRUVRNQkdDQ1dOdgpiWEIxZEdVdE5ZY0V3S2d5RVRBS0JnZ3Foa2pPUFFRREFnTkpBREJHQWlFQThTWkFnaFVXMC9sdzBBVXBUWklKClNaUTJSdERGbnlLckV5R2ZYdk1hVlRBQ0lRQzFEeWZmNDVTbzcvQUUvVVF3RGUzWnNvRHZRbWlUWklidE1pMkYKMndxb3pBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
usages:
- digital signature
- key encipherment
- server auth
username: system:node:compute-5
status: {}
$ oc get csr/csr-fb4hd -o yaml | grep request: | awk '{ print $2}' | base64 -d | openssl req -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=system:nodes, CN=system:node:compute-5
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:85:cd:1f:d3:38:f7:0a:5c:91:84:01:a6:31:2e:
81:ca:a6:e5:d1:1f:8b:f9:05:27:fe:bb:a0:df:c6:
39:4d:c6:2d:4c:ba:bb:83:5a:5c:46:7a:63:3c:52:
63:db:f4:75:d1:bf:a4:97:13:b5:c5:af:54:4c:da:
29:76:20:1e:ff
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:compute-5, IP Address:192.168.50.17
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:f1:26:40:82:15:16:d3:f9:70:d0:05:29:4d:
92:09:49:94:36:46:d0:c5:9f:22:ab:13:21:9f:5e:f3:1a:55:
30:02:21:00:b5:0f:27:df:e3:94:a8:ef:f0:04:fd:44:30:0d:
ed:d9:b2:80:ef:42:68:93:64:86:ed:32:2d:85:db:0a:a8:cc
$ oc get nodes
NAME STATUS ROLES AGE VERSION
compute-0 Ready worker 43d v1.16.2
compute-1 Ready worker 124d v1.16.2
compute-5 Ready worker 3m40s v1.16.2
master-0 Ready infra,master,worker 124d v1.16.2
master-1 Ready master,worker 124d v1.16.2
master-2 Ready master,worker 124d v1.16.2
$ oc get csr
NAME AGE REQUESTOR CONDITION
csr-2whmp 6m40s system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Approved,Issued
csr-fb4hd 3m54s system:node:compute-5 Pending
$ oc adm node-logs compute-5
error: the server is currently unable to handle the request
Error trying to reach service: 'remote error: tls: internal error'
$ oc adm certificate approve csr-fb4hd
certificatesigningrequest.certificates.k8s.io/csr-fb4hd approved
$ oc adm node-logs compute-5 | head -n 5
-- Logs begin at Fri 2020-03-27 14:08:34 UTC, end at Fri 2020-03-27 14:18:51 UTC. --
Mar 27 14:08:34 localhost kernel: Linux version 4.18.0-147.3.1.el8_1.x86_64 ([email protected]) (gcc version 8.3.1 20190507 (Red Hat 8.3.1-4) (GCC)) #1 SMP Wed Nov 27 01:11:44 UTC 2019
Mar 27 14:08:34 localhost kernel: Command line: BOOT_IMAGE=(hd0,gpt1)/ostree/rhcos-9a8c2fd60f5219ecf823c685ed70097b8c55bb8b0d43e4192737ea7918630918/vmlinuz-4.18.0-147.3.1.el8_1.x86_64 ignition.firstboot rd.neednet=1 ip=dhcp rhcos.root=crypt_rootfs console=tty0 console=ttyS0,115200n8 ignition.platform.id=qemu rd.luks.options=discard ostree=/ostree/boot.1/rhcos/9a8c2fd60f5219ecf823c685ed70097b8c55bb8b0d43e4192737ea7918630918/0
Mar 27 14:08:34 localhost kernel: x86/fpu: x87 FPU will use FXSAVE
Mar 27 14:08:34 localhost kernel: BIOS-provided physical RAM map:
$ oc get csr
NAME AGE REQUESTOR CONDITION
csr-v28gf 9m18s system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Pending
$ oc get csr/csr-v28gf -o yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-03-27T11:55:46Z"
generateName: csr-
name: csr-v28gf
resourceVersion: "69534804"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/csr-v28gf
uid: 4c3c53fc-87be-4f33-9c40-e83f7dd8bac8
spec:
groups:
- system:serviceaccounts
- system:serviceaccounts:openshift-machine-config-operator
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIeU1JR1pBZ0VBTURjeEZUQVRCZ05WQkFvVERITjVjM1JsYlRwdWIyUmxjekVlTUJ3R0ExVUVBeE1WYzNsegpkR1Z0T201dlpHVTZZMjl0Y0hWMFpTMDFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVZWDR5ClMvUGw1Z2ZIUnBFY3NwOWoyWmo1NzdPZFh5Y2kyNm9OenkxMExXSWRyTlIwSkMrY3IrS2M2TFAvc2dDYU9TcFMKcDRyTFlwY2lBaTA0QUxFOWhxQUFNQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJQzZlRXo0bVhOZDRtMFFaLzVuaQpDL0R4NmJBQTAzY1paSnErQ0NBTUxHT1hBaUVBaTBSRUd3Z0Q3c2lDdWJHemhwZ1JyaGh5Y3pnd1pEQWhkMDR3CnJiK3BHMWM9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo=
uid: 7e1d672a-0ec4-11ea-9e24-525400a83202
usages:
- digital signature
- key encipherment
- client auth
username: system:serviceaccount:openshift-machine-config-operator:node-bootstrapper
status: {}
echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlIeU1JR1pBZ0VBTURjeEZUQVRCZ05WQkFvVERITjVjM1JsYlRwdWIyUmxjekVlTUJ3R0ExVUVBeE1WYzNsegpkR1Z0T201dlpHVTZZMjl0Y0hWMFpTMDFNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVZWDR5ClMvUGw1Z2ZIUnBFY3NwOWoyWmo1NzdPZFh5Y2kyNm9OenkxMExXSWRyTlIwSkMrY3IrS2M2TFAvc2dDYU9TcFMKcDRyTFlwY2lBaTA0QUxFOWhxQUFNQW9HQ0NxR1NNNDlCQU1DQTBnQU1FVUNJQzZlRXo0bVhOZDRtMFFaLzVuaQpDL0R4NmJBQTAzY1paSnErQ0NBTUxHT1hBaUVBaTBSRUd3Z0Q3c2lDdWJHemhwZ1JyaGh5Y3pnd1pEQWhkMDR3CnJiK3BHMWM9Ci0tLS0tRU5EIENFUlRJRklDQVRFIFJFUVVFU1QtLS0tLQo= | base64 -d | openssl req -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=system:nodes, CN=system:node:compute-5
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:61:7e:32:4b:f3:e5:e6:07:c7:46:91:1c:b2:9f:
63:d9:98:f9:ef:b3:9d:5f:27:22:db:aa:0d:cf:2d:
74:2d:62:1d:ac:d4:74:24:2f:9c:af:e2:9c:e8:b3:
ff:b2:00:9a:39:2a:52:a7:8a:cb:62:97:22:02:2d:
38:00:b1:3d:86
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
a0:00
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:2e:9e:13:3e:26:5c:d7:78:9b:44:19:ff:99:e2:
0b:f0:f1:e9:b0:00:d3:77:19:64:9a:be:08:20:0c:2c:63:97:
02:21:00:8b:44:44:1b:08:03:ee:c8:82:b9:b1:b3:86:98:11:
ae:18:72:73:38:30:64:30:21:77:4e:30:ad:bf:a9:1b:57
oc adm certificate approve csr/csr-v28gf
oc get csr -A Fri Mar 27 13:08:25 2020
NAME AGE REQUESTOR CONDITION
csr-85mhs 18s system:node:compute-5 Pending
csr-v28gf 12m system:serviceaccount:openshift-machine-config-operator:node-bootstrapper Approved,Issued
oc get csr/csr-85mhs -o yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
creationTimestamp: "2020-03-27T12:08:08Z"
generateName: csr-
name: csr-85mhs
resourceVersion: "69541494"
selfLink: /apis/certificates.k8s.io/v1beta1/certificatesigningrequests/csr-85mhs
uid: 1da9408c-2098-4620-a897-91b0e372b4da
spec:
groups:
- system:nodes
- system:authenticated
request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkh6Q0J4Z0lCQURBM01SVXdFd1lEVlFRS0V3eHplWE4wWlcwNmJtOWtaWE14SGpBY0JnTlZCQU1URlhONQpjM1JsYlRwdWIyUmxPbU52YlhCMWRHVXROVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSkVECnkwZG1FRnBhSG5yeE1FVXJveStEODdwSGlWTFBoUG5oR0xiNExZQlIvWStuaU85ODI2eTVTeFFUSGRxYnlYZlEKc2gyek1RTEE3cXhpeXpVNUZHYWdMVEFyQmdrcWhraUc5dzBCQ1E0eEhqQWNNQm9HQTFVZEVRUVRNQkdDQ1dOdgpiWEIxZEdVdE5ZY0V3S2d5RVRBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlCaEpCYzNhamMxZjBDUlgyTzhhME5ICktPcUJ2am4za2RNZXdweDZjV1Z3c0FJaEFQU2ZZUVRtTjY5YlJNeFhhZmwxaXd5VUwvUjdjKzhzanZ0eTJrMXUKM0JrWgotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K
usages:
- digital signature
- key encipherment
- server auth
username: system:node:compute-5
status: {}
echo LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkh6Q0J4Z0lCQURBM01SVXdFd1lEVlFRS0V3eHplWE4wWlcwNmJtOWtaWE14SGpBY0JnTlZCQU1URlhONQpjM1JsYlRwdWIyUmxPbU52YlhCMWRHVXROVEJaTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEEwSUFCSkVECnkwZG1FRnBhSG5yeE1FVXJveStEODdwSGlWTFBoUG5oR0xiNExZQlIvWStuaU85ODI2eTVTeFFUSGRxYnlYZlEKc2gyek1RTEE3cXhpeXpVNUZHYWdMVEFyQmdrcWhraUc5dzBCQ1E0eEhqQWNNQm9HQTFVZEVRUVRNQkdDQ1dOdgpiWEIxZEdVdE5ZY0V3S2d5RVRBS0JnZ3Foa2pPUFFRREFnTklBREJGQWlCaEpCYzNhamMxZjBDUlgyTzhhME5ICktPcUJ2am4za2RNZXdweDZjV1Z3c0FJaEFQU2ZZUVRtTjY5YlJNeFhhZmwxaXd5VUwvUjdjKzhzanZ0eTJrMXUKM0JrWgotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K | base64 -d | openssl req -noout -text Certificate Request:
Data:
Version: 0 (0x0)
Subject: O=system:nodes, CN=system:node:compute-5
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:91:03:cb:47:66:10:5a:5a:1e:7a:f1:30:45:2b:
a3:2f:83:f3:ba:47:89:52:cf:84:f9:e1:18:b6:f8:
2d:80:51:fd:8f:a7:88:ef:7c:db:ac:b9:4b:14:13:
1d:da:9b:c9:77:d0:b2:1d:b3:31:02:c0:ee:ac:62:
cb:35:39:14:66
ASN1 OID: prime256v1
NIST CURVE: P-256
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:compute-5, IP Address:192.168.50.17
Signature Algorithm: ecdsa-with-SHA256
30:45:02:20:61:24:17:37:6a:37:35:7f:40:91:5f:63:bc:6b:
43:47:28:ea:81:be:39:f7:91:d3:1e:c2:9c:7a:71:65:70:b0:
02:21:00:f4:9f:61:04:e6:37:af:5b:44:cc:57:69:f9:75:8b:
0c:94:2f:f4:7b:73:ef:2c:8e:fb:72:da:4d:6e:dc:19:19
oc get nodes
NAME STATUS ROLES AGE VERSION
compute-0 Ready worker 43d v1.16.2
compute-1 Ready worker 123d v1.16.2
compute-2 NotReady worker 123d v1.16.2
compute-5 Ready worker 4m52s v1.16.2
master-0 Ready infra,master,worker 123d v1.16.2
master-1 Ready master,worker 123d v1.16.2
master-2 Ready master,worker 123d v1.16.2
oc adm certificate approve csr-85mhs
oc get csr/csr-v28gf -o yaml | grep certificate: | awk '{ print $2}' | base64 -d | openssl x509 -noout -subject -issuer -dates
subject= /O=system:nodes/CN=system:node:compute-5
issuer= /CN=kube-csr-signer_@1585290679
notBefore=Mar 27 12:03:00 2020 GMT
notAfter=Apr 26 06:26:19 2020 GMT
oc get csr/csr-85mhs -o yaml | grep certificate: | awk '{ print $2}' | base64 -d | openssl x509 -noout -subject -issuer -dates
subject= /O=system:nodes/CN=system:node:compute-5
issuer= /CN=kube-csr-signer_@1585290679
notBefore=Mar 27 12:09:00 2020 GMT
notAfter=Apr 26 06:26:29 2020 GMT