I've been having trouble to get openshift to reliably accept CA's for custom secure registries:
And it has worked sometimes and not others. The most frustrating bit is not being able to figure out when the CA certificates have been applied, sometimes just waiting 5 minutes is enough, other times, it never happens. I'm not sure what logs I need to watch so I know that it has seen it, and done something.
says that the
machine config operator (MCO) restarts nodes to apply the updates, but when I watch "oc get nodes", I don't see anything restarting, but sometimes it seems the certificates get applied anyway, somehow.
Additionally, the MCO is degraded in the cluster, and it's not clear why. All I have managed to find so far is timeout error messages in the MCO pod, and then in the MCO cluster operator status, it just says it timed out waiting for them to sync, and that they're all unavailable.
Where do I need to look to debug any errors related to the MCO?
Any help or pointers would be appreciated.