Bug 1969626

Summary: Portforward stream cleanup can cause kubelet to panic
Product: OpenShift Container Platform
Reporter: Elana Hashman <ehashman>
Component: Node
Assignee: Elana Hashman <ehashman>
Node sub component: Kubelet
QA Contact: Sunil Choudhary <schoudha>
Status: CLOSED ERRATA
Docs Contact:
Severity: high
Priority: urgent
CC: aos-bugs, nagrawal
Version: 4.8
Target Milestone: ---
Target Release: 4.8.0
Hardware: Unspecified
OS: Unspecified
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-07-27 23:12:15 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Elana Hashman 2021-06-08 18:47:20 UTC
Description of problem: See https://github.com/kubernetes/kubernetes/issues/102480

Backport patch https://github.com/kubernetes/kubernetes/commit/b14bd44f33d93e1ee64c1d68fa7591d79eac5893 from 1.21.1 needs to be reverted (i.e. take https://github.com/kubernetes/kubernetes/pull/102587)

Version-Release number of selected component (if applicable): OpenShift 4.8 as of 1.21.1 rebase

How reproducible:

Not reproducible in OpenShift because CRI-O does not vendor Kubernetes 1.21.1 yet: https://github.com/cri-o/cri-o/blob/478f49d4f5e005226ac7460edcb2ed21d804960f/go.mod#L99

Believe this only affects dockershim currently.

Containerd also has not yet updated code to the affected version: https://github.com/containerd/containerd/blob/261c107ffc4ff681bc73988f64e3f60c32233b37/pkg/cri/streaming/portforward/httpstream.go#L171

We want to back this out ASAP just to be safe.

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 1 Elana Hashman 2021-06-08 19:29:33 UTC
Note: OpenShift 4.7 and 4.6 are not affected; they did not take the backports.

Comment 2 Elana Hashman 2021-06-08 19:30:43 UTC
Not a release blocker because as far as we know there's no impact on OpenShift/CRI-O. This is a proactive backport of the upstream fix/revert before 4.8 freeze.

Comment 7 errata-xmlrpc 2021-07-27 23:12:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.