Public bug reported: On Kubernetes deployments with cert_manager_api enabled, the certificate container fails to come up because there are five duplicate public certificates in /etc/kubernetes/certs/ca.crt, this causes the service to crash:
Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 bash[153677]: I0430 23:44:21.416326 1 job_controller.go:144] Starting job controller Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 bash[153677]: I0430 23:44:21.416470 1 shared_informer.go:223] Waiting for caches to sync for job Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 bash[153677]: I0430 23:44:21.429543 1 dynamic_serving_content.go:111] Loaded a new cert/key pair for "csr-controller::/etc/kubernetes/certs/ca.crt::/etc/kubernetes/certs/ca.key" Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 bash[153677]: E0430 23:44:21.430347 1 controllermanager.go:521] Error starting "csrsigning" Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 bash[153677]: F0430 23:44:21.430532 1 controllermanager.go:235] error starting controllers: failed to start certificate controller: error reading CA cert file "csr-controller::/etc/kubernetes/certs/ca.crt::/etc/kubernetes/certs/ca.key": expected 1 certificate, found 5 Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 podman[153677]: 2021-04-30 23:44:21.470875534 +0000 UTC m=+49.221008858 container died df7295074c1b7cbef19a79e6c8741b9dfbcb4fd608863978fb5924de8946ba05 (image=k8s.gcr.io/hyperkube:v1.18.2, name=kube-controller-manager) Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 systemd[1]: kube-controller-manager.service: Main process exited, code=exited, status=255/EXCEPTION Apr 30 23:44:21 k8s-prod-24e2ug52zqb4-master-0 systemd[1]: kube-controller-manager.service: Failed with result 'exit-code'. Apr 30 23:44:31 k8s-prod-24e2ug52zqb4-master-0 systemd[1]: kube-controller-manager.service: Scheduled restart job, restart counter is at 456. ** Affects: magnum (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1926817 Title: kube-controller-manager crashes due to 5 duplicate certs in ca.crt To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1926817/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs