Bug 1845440
| Summary: | Fix flipping of service-account-issuer in kube apiserver operator | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Michal Fojtik <mfojtik> | |
| Component: | kube-apiserver | Assignee: | Stefan Schimanski <sttts> | |
| Status: | CLOSED ERRATA | QA Contact: | Ke Wang <kewang> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 4.6 | CC: | aos-bugs, mfojtik, xxia | |
| Target Milestone: | --- | |||
| Target Release: | 4.6.0 | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1845441 (view as bug list) | Environment: | ||
| Last Closed: | 2020-10-27 16:05:58 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1845441 | |||
Refer to the comment https://bugzilla.redhat.com/show_bug.cgi?id=1845441#c3, not found related error in last two days of testing. Checking the latest OCP 4.6 release, $ oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-06-11-001445 --commits | grep -i kube-apiserver cluster-kube-apiserver-operator https://github.com/openshift/cluster-kube-apiserver-operator 57f1a73eb6ed74c8b03134863a19baec42cf8987 $ git log --date local --pretty="%h %an %cd - %s" 57f1a73e | grep '#880' 57f1a73e OpenShift Merge Robot Tue Jun 9 09:10:24 2020 - Merge pull request #880 from sttts/sttts-unstructured-slice-flipping We can see the PR is already in, move the bug verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196 |
Description of problem: Jun 04 22:41:42.095 I ns/openshift-kube-apiserver-operator deployment/kube-apiserver-operator reason/ObservedConfigChanged Writing updated observed config: map[string]interface{}{\n "admission": map[string]interface{}{"pluginConfig": map[string]interface{}{"network.openshift.io/ExternalIPRanger": map[string]interface{}{"configuration": map[string]interface{}{"allowIngressIP": bool(false), "apiVersion": string("network.openshift.io/v1"), "kind": string("ExternalIPRangerAdmissionConfig")}}, "network.openshift.io/RestrictedEndpointsAdmission": map[string]interface{}{"configuration": map[string]interface{}{"apiVersion": string("network.openshift.io/v1"), "kind": string("RestrictedEndpointsAdmissionConfig"), "restrictedCIDRs": []interface{}{string("10.128.0.0/14"), string("172.30.0.0/16")}}}}},\n "apiServerArguments": map[string]interface{}{\n "cloud-provider": []interface{}{string("aws")},\n "feature-gates": []interface{}{string("APIPriorityAndFairness=true"), string("RotateKubeletServerCertificate=true"), string("SupportPodPidsLimit=true"), string("NodeDisruptionExclusion=true"), string("ServiceNodeExclusion=true"), string("SCTPSupport=true"), string("LegacyNodeRoleBehavior=false")},\n- "service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")},\n+ "service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"},\n },\n "authConfig": map[string]interface{}{"oauthMetadataFile": string("/etc/kubernetes/static-pod-resources/configmaps/oauth-metadata/oauthMetadata")},\n "corsAllowedOrigins": []interface{}{string(`//127\.0\.0\.1(:|$)`), string("//localhost(:|$)")},\n ... // 4 identical entries\n }\n (785 times) The issue is the service-account-issuer is flipping because of unstructured issuer slice type: - "service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")}, + "service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"} Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: