Last Modified: Jan 12, 2026
Affected Product(s):
F5OS F5OS-C, Install/Upgrade
Known Affected Versions:
F5OS-C 1.5.1, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2, F5OS-C 1.6.4, F5OS-C 1.8.1
Fixed In:
F5OS-C 1.8.2
Opened: May 28, 2025 Severity: 2-Critical
After a controller restart, controller-manager pods enter CrashLoopBackOff state, if the API server certificate has expired. This can occur when the API server certificate reaches a 2-year expiry.
The controller-manager pods crash repeatedly and new blades can not be added. Expired API server certificate does not cause traffic disruption on an otherwise healthy running device, only failures to change configuration or add/remove blades.
-- API server certificate is expired -- A controller is rebooted.
To check if cert is expired: oc get secret apiserver-ssl -n kube-service-catalog -o jsonpath='{.data.tls\.crt}' | base64 --decode | openssl x509 -noout -enddate How to renew the certificate and fix the issue: As the root user: [root@controller-1(velos.system):Active ~]# docker exec -it orchestration_manager bash bash-4.2# ansible-playbook -v -i /tmp/omd/etc_ansible_hosts playbooks/openshift-service-catalog/config.yml This script takes about 5 minutes to run and then the pods are fixed
The API server certificate has had its expiry changed to 10 years to align with the other certificates on the system.