Bug 1947719
| Summary: | 8 APIRemovedInNextReleaseInUse info alerts display | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | hongyan li <hongyli> | ||||
| Component: | kube-apiserver | Assignee: | Stefan Schimanski <sttts> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Xingxing Xia <xxia> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.8 | CC: | alegrand, anpicker, aos-bugs, erooth, juzhao, kakkoyun, kewang, lcosic, mbukatov, mfojtik, pkrupa, surbania, xxia | ||||
| Target Milestone: | --- | Keywords: | Reopened | ||||
| Target Release: | 4.8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 1947785 1947789 1947791 1947793 1947794 1947795 1947797 1947798 1947800 1947801 1947803 1966410 1966499 1969578 (view as bug list) | Environment: | |||||
| Last Closed: | 2021-07-27 22:58:16 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 1947785, 1947789, 1947791, 1947793, 1947794, 1947795, 1947797, 1947798, 1947800, 1947801, 1947803, 1948614, 1952049, 1954765, 1954768, 1954771, 1954773, 1955100, 1957446, 1958492, 1960549, 1966410, 1966508 | ||||||
| Bug Blocks: | |||||||
| Attachments: |
|
||||||
|
Description
hongyan li
2021-04-09 03:07:27 UTC
alert details
alert:DeprecatedAPIInUse
expr:group by(group, version, resource) (apiserver_requested_deprecated_apis{removed_release="1.22"}) and (sum by(group, version, resource) (rate(apiserver_request_total[10m]))) > 0
for: 1h
labels:
severity: info
annotations:
message: Deprecated API that will be removed in the next version is being used. Removing the workload that is using the {{"{{$labels.group}}"}}.{{"{{$labels.version}}"}}/{{"{{$labels.resource}}"}} API might be necessary for a successful upgrade to the next cluster version. Refer to the audit logs to identify the workload.
*** This bug has been marked as a duplicate of bug 1932165 *** Different issue from bug 1932165 which is about variable not translated to value # oc version
Client Version: 4.8.0-0.nightly-2021-04-08-200632
Server Version: 4.8.0-0.nightly-2021-04-08-200632
Kubernetes Version: v1.21.0-rc.0+6d27558
checked from prometheus, query parameter:
count(apiserver_requested_deprecated_apis{removed_release="1.22"}) by(instance,version,group,resource)
version is v1beta1
{group="certificates.k8s.io", instance="10.0.160.188:6443", resource="certificatesigningrequests", version="v1beta1"} 1
{group="extensions", instance="10.0.160.188:6443", resource="ingresses", version="v1beta1"} 1
{group="rbac.authorization.k8s.io", instance="10.0.160.188:6443", resource="clusterrolebindings", version="v1beta1"} 1
{group="rbac.authorization.k8s.io", instance="10.0.160.188:6443", resource="rolebindings", version="v1beta1"} 1
{group="rbac.authorization.k8s.io", instance="10.0.160.188:6443", resource="roles", version="v1beta1"} 1
{group="admissionregistration.k8s.io", instance="10.0.160.188:6443", resource="mutatingwebhookconfigurations", version="v1beta1"} 1
{group="admissionregistration.k8s.io", instance="10.0.160.188:6443", resource="validatingwebhookconfigurations", version="v1beta1"} 1
{group="apiextensions.k8s.io", instance="10.0.160.188:6443", resource="customresourcedefinitions", version="v1beta1"} 1
but the api versions are all actually v1, which means apiserver_requested_deprecated_apis may post the wrong result
# for i in certificatesigningrequests ingresses clusterrolebindings rolebindings roles mutatingwebhookconfigurations validatingwebhookconfigurations customresourcedefinitions; do oc api-resources | grep $i; echo -e "\n"; done
certificatesigningrequests csr certificates.k8s.io/v1 false CertificateSigningRequest
ingresses config.openshift.io/v1 false Ingress
ingresses ing extensions/v1beta1 true Ingress
ingresses ing networking.k8s.io/v1 true Ingress
clusterrolebindings authorization.openshift.io/v1 false ClusterRoleBinding
clusterrolebindings rbac.authorization.k8s.io/v1 false ClusterRoleBinding
clusterrolebindings authorization.openshift.io/v1 false ClusterRoleBinding
rolebindings authorization.openshift.io/v1 true RoleBinding
clusterrolebindings rbac.authorization.k8s.io/v1 false ClusterRoleBinding
rolebindings rbac.authorization.k8s.io/v1 true RoleBinding
clusterroles authorization.openshift.io/v1 false ClusterRole
roles authorization.openshift.io/v1 true Role
clusterroles rbac.authorization.k8s.io/v1 false ClusterRole
roles rbac.authorization.k8s.io/v1 true Role
mutatingwebhookconfigurations admissionregistration.k8s.io/v1 false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io/v1 false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io/v1 false CustomResourceDefinition
*** Bug 1961236 has been marked as a duplicate of this bug. *** The alert this bug talks about is APIRemovedInNextEUSReleaseInUse. I'm mentioning it here so that it's possible to find this bug when one searches by content of bugzilla comments. The "Depends On" field of this bug has 20+ bugs on other components: "https://bugzilla.redhat.com/buglist.cgi?classification=Red Hat&f1=blocked&j_top=OR&list_id=11945502&o1=equals&product=OpenShift Container Platform&query_format=advanced&v1=1947719" . I double checked their verification steps, or directly verified many of them. Now they are all VERIFIED. So moving this parent tracker bug VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |