2022/10/12 12:08:11 http: TLS handshake error from 10.130.0.33:36786: remote error: tls: bad certificate
While testing on OCP, I see this occur. IP above is kube-apiserver-operator
Within api server operator logs I see:
E1012 11:15:10.522830 1 degraded_webhook.go:128] x509: certificate signed by unknown authority
1.6655764583186285e+09 INFO setup Version {"version.Version": "4.12.0"}
I1012 12:07:39.370184 1 request.go:682] Waited for 1.041214659s due to client-side throttling, not priority and fairness, request: GET:https://172.30.0.1:443/apis/coordination.k8s.io/v1?timeout=32s
1.6655764644221544e+09 INFO controller-runtime.metrics Metrics server is starting to listen {"addr": "127.0.0.1:39300"}
1.665576464423153e+09 INFO controller-runtime.builder skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called {"GVK": "ingressnodefirewall.openshift.io/v1alpha1, Kind=IngressNodeFirewall"}
1.665576464423177e+09 INFO controller-runtime.builder Registering a validating webhook {"GVK": "ingressnodefirewall.openshift.io/v1alpha1, Kind=IngressNodeFirewall", "path": "/validate-ingressnodefirewall-openshift-io-v1alpha1-ingressnodefirewall"}
1.6655764644232416e+09 INFO controller-runtime.webhook Registering webhook {"path": "/validate-ingressnodefirewall-openshift-io-v1alpha1-ingressnodefirewall"}
1.6655764644234755e+09 INFO platform detecting platform version...
1.665576464426542e+09 INFO platform route.openshift.io found in apis, platform is OpenShift
1.6655764644265637e+09 INFO platform PlatformInfo [Name: OpenShift, K8SVersion: 1.25, OS: linux/amd64]
1.665576464426599e+09 INFO setup starting manager
1.665576464427083e+09 INFO controller-runtime.webhook.webhooks Starting webhook server
1.6655764644272194e+09 INFO controller-runtime.certwatcher Updated current TLS certificate
1.6655764644273317e+09 INFO controller-runtime.webhook Serving webhook server {"host": "", "port": 9443}
1.6655764644273727e+09 INFO Starting server {"path": "/metrics", "kind": "metrics", "addr": "127.0.0.1:39300"}
1.6655764644273968e+09 INFO Starting server {"kind": "health probe", "addr": "[::]:8081"}
1.6655764644274538e+09 INFO controller-runtime.certwatcher Starting certificate watcher
I1012 12:07:44.427518 1 leaderelection.go:248] attempting to acquire leader lease openshift-ingress-node-firewall/d902e78d.ingress-nodefw...
I1012 12:08:02.145061 1 leaderelection.go:258] successfully acquired lease openshift-ingress-node-firewall/d902e78d.ingress-nodefw
1.6655764821452363e+09 DEBUG events ingress-node-firewall-controller-manager-b8875b7c-b7x48_905d7422-87f4-4d39-bb1c-6c3d71faf040 became leader {"type": "Normal", "object": {"kind":"Lease","namespace":"openshift-ingress-node-firewall","name":"d902e78d.ingress-nodefw","uid":"20f907e4-1e3a-43ce-9d62-65682b8a30a5","apiVersion":"coordination.k8s.io/v1","resourceVersion":"91619"}, "reason": "LeaderElection"}
1.665576482145705e+09 INFO Starting EventSource {"controller": "ingressnodefirewall", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewall", "source": "kind source: *v1alpha1.IngressNodeFirewall"}
1.6655764821457582e+09 INFO Starting EventSource {"controller": "ingressnodefirewall", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewall", "source": "kind source: *v1.Node"}
1.6655764821457748e+09 INFO Starting EventSource {"controller": "ingressnodefirewall", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewall", "source": "kind source: *v1alpha1.IngressNodeFirewallNodeState"}
1.6655764821457813e+09 INFO Starting Controller {"controller": "ingressnodefirewall", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewall"}
1.6655764821462293e+09 INFO Starting EventSource {"controller": "ingressnodefirewallconfig", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewallConfig", "source": "kind source: *v1alpha1.IngressNodeFirewallConfig"}
1.665576482146256e+09 INFO Starting EventSource {"controller": "ingressnodefirewallconfig", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewallConfig", "source": "kind source: *v1.DaemonSet"}
1.6655764821462605e+09 INFO Starting Controller {"controller": "ingressnodefirewallconfig", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewallConfig"}
1.665576482247726e+09 INFO Starting workers {"controller": "ingressnodefirewall", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewall", "worker count": 1}
1.6655764822477381e+09 INFO Starting workers {"controller": "ingressnodefirewallconfig", "controllerGroup": "ingressnodefirewall.openshift.io", "controllerKind": "IngressNodeFirewallConfig", "worker count": 1}
2022/10/12 12:08:10 http: TLS handshake error from 10.130.0.33:36772: remote error: tls: bad certificate
2022/10/12 12:08:11 http: TLS handshake error from 10.130.0.33:36786: remote error: tls: bad certificate
2022/10/12 12:08:13 http: TLS handshake error from 10.130.0.33:36792: remote error: tls: bad certificate
2022/10/12 12:08:13 http: TLS handshake error from 10.130.0.33:36818: remote error: tls: bad certificate
2022/10/12 12:08:14 http: TLS handshake error from 10.130.0.33:36832: remote error: tls: bad certificate
2022/10/12 12:08:16 http: TLS handshake error from 10.130.0.33:36838: remote error: tls: bad certificate
2022/10/12 12:08:28 http: TLS handshake error from 10.130.0.33:34348: remote error: tls: bad certificate
2022/10/12 12:08:29 http: TLS handshake error from 10.130.0.33:34360: remote error: tls: bad certificate
2022/10/12 12:08:31 http: TLS handshake error from 10.130.0.33:34366: remote error: tls: bad certificate
2022/10/12 12:08:31 http: TLS handshake error from 10.130.0.33:34386: remote error: tls: bad certificate
2022/10/12 12:08:32 http: TLS handshake error from 10.130.0.33:34390: remote error: tls: bad certificate
2022/10/12 12:08:34 http: TLS handshake error from 10.130.0.33:34404: remote error: tls: bad certificate
1.6655765489751365e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:08 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:08 does not exist, creating (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:09 successfully created (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
1.6655765490073535e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:09 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:09 update was successful
1.6655765490209832e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:09 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:09 update was successful
1.6655765490611908e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:09 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:09 update was successful
1.6655765505568647e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:10 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:10 update was successful
1.6655765505688732e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:10 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:10 update was successful
1.6655765512645593e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:11 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:11 update was successful
1.6655765512790902e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:11 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:11 update was successful
1.665576551295348e+09 INFO controllers.IngressNodeFirewallConfig.syncIngressNodeFirewallConfigResources Start
2022/10/12 12:09:11 reconciling (apps/v1, Kind=DaemonSet) openshift-ingress-node-firewall/ingress-node-firewall-daemon
2022/10/12 12:09:11 update was successful
2022/10/12 12:10:02 http: TLS handshake error from 10.130.0.33:43958: remote error: tls: bad certificate
2022/10/12 12:10:03 http: TLS handshake error from 10.130.0.33:43966: remote error: tls: bad certificate
2022/10/12 12:10:05 http: TLS handshake error from 10.130.0.33:43982: remote error: tls: bad certificate
2022/10/12 12:10:05 http: TLS handshake error from 10.130.0.33:43994: remote error: tls: bad certificate
2022/10/12 12:10:06 http: TLS handshake error from 10.130.0.33:43996: remote error: tls: bad certificate
2022/10/12 12:10:08 http: TLS handshake error from 10.130.0.33:46364: remote error: tls: bad certificate
2022/10/12 12:10:19 http: TLS handshake error from 10.130.0.33:54704: remote error: tls: bad certificate
2022/10/12 12:10:20 http: TLS handshake error from 10.130.0.33:54716: remote error: tls: bad certificate
2022/10/12 12:10:22 http: TLS handshake error from 10.130.0.33:54732: remote error: tls: bad certificate
2022/10/12 12:10:22 http: TLS handshake error from 10.130.0.33:54748: remote error: tls: bad certificate
2022/10/12 12:10:23 http: TLS handshake error from 10.130.0.33:54750: remote error: tls: bad certificate
2022/10/12 12:10:25 http: TLS handshake error from 10.130.0.33:54766: remote error: tls: bad certificate
2022/10/12 12:10:42 http: TLS handshake error from 10.130.0.33:49262: remote error: tls: bad certificate
2022/10/12 12:10:43 http: TLS handshake error from 10.130.0.33:49266: remote error: tls: bad certificate
2022/10/12 12:10:45 http: TLS handshake error from 10.130.0.33:49280: remote error: tls: bad certificate
2022/10/12 12:10:46 http: TLS handshake error from 10.130.0.33:49296: remote error: tls: bad certificate
2022/10/12 12:10:47 http: TLS handshake error from 10.130.0.33:49310: remote error: tls: bad certificate
2022/10/12 12:10:49 http: TLS handshake error from 10.130.0.33:38232: remote error: tls: bad certificate