Last Modified: Oct 21, 2025
Affected Product(s):
F5OS F5OS-C, Install/Upgrade
Known Affected Versions:
F5OS-C 1.5.1, F5OS-C 1.6.0, F5OS-C 1.6.1, F5OS-C 1.6.2, F5OS-C 1.6.4, F5OS-C 1.8.1
Fixed In:
F5OS-C 1.8.2
Opened: May 28, 2025 Severity: 2-Critical
After a controller restart, controller-manager pods enter CrashLoopBackOff state, if the API server certificate has expired.
The controller-manager pods crash repeatedly and new blades can not be added.
API server certificate is expired and a controller is rebooted.
To check if cert is expired: oc get secret apiserver-ssl -n kube-service-catalog -o jsonpath='{.data.tls\.crt}' | base64 --decode | openssl x509 -noout -enddate As the root user: [root@controller-1(velos.system):Active ~]# docker exec -it orchestration_manager bash bash-4.2# ansible-playbook -v -i /tmp/omd/etc_ansible_hosts playbooks/openshift-service-catalog/config.yml This script takes about 5 minutes to run and then the pods are fixed
None