+++ This bug was initially created as a clone of Bug #1881072 +++
+++ This bug was initially created as a clone of Bug #1880337 +++
A recent fix in the reflector/informer https://github.com/kubernetes/kubernetes/pull/92688 prevents components/operators from entering a hotloop and stuck.
There are already reported cases that have run into that issue and were stuck for hours or even days. For example https://bugzilla.redhat.com/show_bug.cgi?id=1877346.
The root cause of the issue is the fact that a watch cache is initialized from the global revision (etcd) and might stay on it for an undefined period (if no changes were (add, modify) made).
That means that the watch cache across server instances may be out of sync.
That might lead to a situation in which a client gets a resource version from a server that has observed a newer rv, disconnect (due to a network error) from it, and reconnect to a server that is behind, resulting in “Too large resource version“ errors.
More details in https://github.com/kubernetes/kubernetes/issues/91073 and https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1904-efficient-watch-resumption
It looks like the issue only affects 1.18. According to https://github.com/kubernetes/kubernetes/issues/91073#issuecomment-652251669 the issue was first introduced in that version by changes done to the reflector.
The fix is already present in 1.19.
Please make sure that cluster-monitoring-operator is using a client-go that includes https://github.com/kubernetes/kubernetes/pull/92688 if not please use this BZ and file a PR.
In case you are using a framework to build your operator make sure it uses the right version of the client-go library.
--- Additional comment from Simon Pasquier on 2020-09-21 10:46:22 UTC ---
cluster-monitoring-operator 4.5 depends on k8s.io/client-go v0.17.1 [1] so it isn't affected by this issue. The same goes for prometheus-operator [2].
That being said, the 4.6 branches use k8s.io/client-go v0.18.3 and v0.18.2 [3][4] and they probably need to be fixed.
@Lukasz Should we open another BZ?
[1] https://github.com/openshift/cluster-monitoring-operator/blob/0c110b7edadad09182983e48013125a07284116d/go.mod#L37
[2] https://github.com/openshift/prometheus-operator/blob/99b893905d26d85d50d1178be195388e5c000322/go.mod#L42
[3] https://github.com/openshift/cluster-monitoring-operator/blob/922578d7d8a33f39b43b577e74c469b4374e90bd/go.mod#L31
[4] https://github.com/openshift/prometheus-operator/blob/52492b3b48ed1e4f851a78a51817e92404cf2767/go.mod#L36
--- Additional comment from Lukasz Szaszkiewicz on 2020-09-21 12:20:10 UTC ---
(In reply to Simon Pasquier from comment #1)
> cluster-monitoring-operator 4.5 depends on k8s.io/client-go v0.17.1 [1] so
> it isn't affected by this issue. The same goes for prometheus-operator [2].
> That being said, the 4.6 branches use k8s.io/client-go v0.18.3 and v0.18.2
> [3][4] and they probably need to be fixed.
>
> @Lukasz Should we open another BZ?
>
> [1]
> https://github.com/openshift/cluster-monitoring-operator/blob/
> 0c110b7edadad09182983e48013125a07284116d/go.mod#L37
> [2]
> https://github.com/openshift/prometheus-operator/blob/
> 99b893905d26d85d50d1178be195388e5c000322/go.mod#L42
> [3]
> https://github.com/openshift/cluster-monitoring-operator/blob/
> 922578d7d8a33f39b43b577e74c469b4374e90bd/go.mod#L31
> [4]
> https://github.com/openshift/prometheus-operator/blob/
> 52492b3b48ed1e4f851a78a51817e92404cf2767/go.mod#L36
The Kube API in 4.5 is affected. It can return an error that the operators must understand and recover from. Basically anything that uses an informer.
For 4.5/4.6 you should bump at least to 1.18.6 (which has the fix)
--- Additional comment from Simon Pasquier on 2020-09-21 12:30:42 UTC ---
Targeting this bug against 4.6.0. I'll create a clone for 4.5.z.
--- Additional comment from OpenShift Automated Release Tooling on 2020-09-22 17:52:40 UTC ---
Elliott changed bug status from MODIFIED to ON_QA.
--- Additional comment from Junqi Zhao on 2020-09-23 03:12:51 UTC ---
waiting for the build which packages the fix
--- Additional comment from OpenShift Automated Release Tooling on 2020-09-24 01:56:13 UTC ---
Elliott changed bug status from MODIFIED to ON_QA.
--- Additional comment from Junqi Zhao on 2020-09-24 03:55:28 UTC ---
fix is in 4.6.0-0.nightly-2020-09-24-015627 and later build
--- Additional comment from Junqi Zhao on 2020-09-25 09:20:15 UTC ---
tested with 4.6.0-0.nightly-2020-09-24-184015, no "Too large resource version" error for prometheus-operator container
steps:
1. label one node and let the prometheus-operator pod only can be deployed on such node
example
# oc label node ip-10-0-183-216.ap-northeast-2.compute.internal prometheus-operator=deploy
2. create cluster-monitoring-config ConfigMap to add nodeSelector setting for prometheus-operator, make sure it only deployed on the node with label prometheus-operator=deploy
***************************
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-monitoring-config
namespace: openshift-monitoring
data:
config.yaml: |
prometheusOperator:
nodeSelector:
prometheus-operator: deploy
3. ssh to the node where prometheus-operator is deployed and execute the the script in the background, it disconnects the node from the network for 5 minutes and reconnect later
$ ./test.sh &
$ cat test.sh
sudo ifconfig ens5 down
sleep 300
sudo ifconfig ens5 up
4. check prometheus-operator logs, there should not have "Too large resource version" error
--- Additional comment from errata-xmlrpc on 2020-10-06 18:24:43 UTC ---
This bug has been added to advisory RHBA-2020:54579 by OpenShift Release Team Bot (ocp-build/buildvm.openshift.eng.bos.redhat.com)
--- Additional comment from errata-xmlrpc on 2020-10-26 00:43:13 UTC ---
Bug report changed to RELEASE_PENDING status by Errata System.
Advisory RHBA-2020:4196-05 has been changed to PUSH_READY status.
https://errata.devel.redhat.com/advisory/54579
--- Additional comment from errata-xmlrpc on 2020-10-27 16:43:33 UTC ---
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2020:4196