Bug 1982726
| Summary: | kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encryption-config" on single node clusters | ||||||
|---|---|---|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Omer Tuchfeld <otuchfel> | ||||
| Component: | kube-apiserver | Assignee: | Damien Grisonnet <dgrisonn> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Ke Wang <kewang> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 4.9 | CC: | akashem, aos-bugs, dgrisonn, mfojtik, xxia | ||||
| Target Milestone: | --- | Flags: | dgrisonn:
needinfo-
|
||||
| Target Release: | 4.10.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | LifecycleReset | ||||||
| Fixed In Version: | Doc Type: | No Doc Update | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 2029504 (view as bug list) | Environment: | |||||
| Last Closed: | 2022-03-12 04:36:01 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 2029504 | ||||||
| Attachments: |
|
||||||
|
Description
Omer Tuchfeld
2021-07-15 14:44:03 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that. I’m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint. The LifecycleStale keyword was removed because the bug moved to QE. The bug assignee was notified. Verification steps,
1. Downloaded the attachment and searched the 404 error,
$ gunzip -d enc.gz
$ grep -c '"code": 404' enc
4894
2. Installed one single node and searched the 404 error in kube-apiserver audit log files,
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.10.0-0.nightly-2021-12-01-164437 True False 56m Cluster version is 4.10.0-0.nightly-2021-12-01-164437
$ oc get no
NAME STATUS ROLES AGE VERSION
ci-ln-thj43g2-72292-8fghz-master-0 Ready master,worker 77m v1.22.1+bac83a5
$ oc debug node/<master>
sh-4.4# cd /var/log/kube-apiserver
sh-4.4# sudo cat *audit-*.log | jq 'select(.responseStatus.code >= 400) | select(.requestURI | test("encryption"))' > enc
sh-4.4# grep '"code": 404' enc | wc -l
11
Got less 404 errors than before, based this result, move the bug VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056 |