Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1781313

Summary: [4.3] 4.2 to 4.3 upgrade stuck on monitoring: waiting for Thanos Querier Route to become ready failed
Product: OpenShift Container Platform Reporter: Miciah Dashiel Butler Masters <mmasters>
Component: NetworkingAssignee: Miciah Dashiel Butler Masters <mmasters>
Networking sub component: router QA Contact: Mike Fiedler <mifiedle>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: medium CC: alegrand, anpicker, aos-bugs, ematysek, erooth, hongli, kakkoyun, lcosic, mifiedle, mloibl, pkrupa, surbania
Version: 4.3.0   
Target Milestone: ---   
Target Release: 4.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1780398 Environment:
Last Closed: 2020-01-23 11:18:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1778904, 1780398    
Bug Blocks:    

Description Miciah Dashiel Butler Masters 2019-12-09 18:16:52 UTC 
The router needs to retry updating a route's status when receiving a forbidden error (generally, the router should retry on all API errors).

+++ This bug was initially created as a clone of Bug #1780398 +++

Description of problem:

Upgrading a cluster with 2K projects from 4.2.9 to 4.3.0-0.nightly-2019-12-05-073829 failed with monitoring hung for an hour.  

[...]

--- Additional comment from Miciah Dashiel Butler Masters on 2019-12-06 18:58:26 UTC ---

The route in question was created at time 2019-12-05T20:09:20Z.  From 2019-12-05T20:09:41Z to 2019-12-05T20:12:15Z, the API was returning "forbidden: not yet ready to handle request" errors (not only to the router: I see the same error in logs for the auth operator, samples operator, CVO, and kube-controller-manager).  The router may have admitted the route, but the router failed to update the route's status due to the API outage.  The router is designed to be able to function with limited privileges.  It is not clear to me whether the router should retry on forbidden errors, or whether the API is incorrect in returning a forbidden error for a request that should be retried.
Comment 2 Mike Fiedler 2019-12-11 17:51:52 UTC 
verification blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1778904
Comment 3 Mike Fiedler 2019-12-19 14:29:35 UTC 
Verified on registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-12-19-050538

Multiple upgrades successful without hitting this issue.
Comment 5 errata-xmlrpc 2020-01-23 11:18:20 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0062