Bug 2015459
Summary: | [azure][openstack]When image registry configure an invalid proxy, registry pods are CrashLoopBackOff | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | wewang <wewang> |
Component: | Image Registry | Assignee: | Oleg Bulatov <obulatov> |
Status: | CLOSED ERRATA | QA Contact: | wewang <wewang> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4.9 | CC: | aos-bugs, wking, xiuwang |
Target Milestone: | --- | Keywords: | Regression |
Target Release: | 4.11.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2022-08-10 10:38:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
wewang
2021-10-19 09:14:35 UTC
The registry pods cannot reach storage when an invalid proxy is set, so they should become unhealthy and be killed. That's exactly what happens on your cluster. I'd say it's a bug that it doesn't happen on AWS/GCP. It's ok for the registry to stay alive when it doesn't use HTTP connections and uses a regular file system (i.e. PVC). Verfied in version: Version 4.10.0-0.ci.test-2021-11-23-070259-ci-ln-jintmht-latest tested in azure and openstack cluster, when set invalid proxy in config.image, registry pods are running. That's not how it should work. The pod should be unhealthy (and eventually be killed) when invalid proxy is set. On my local cluster: $ oc get config.imageregistry/cluster -o json | jq .spec.proxy { "http": "http://localhost", "https": "http://localhost" } $ oc -n openshift-image-registry get pods -l docker-registry=default NAME READY STATUS RESTARTS AGE image-registry-6b674466bf-8kp5j 0/1 Running 2 (71s ago) 4m14s image-registry-6b674466bf-vxqjp 0/1 Running 2 (67s ago) 4m14s The pod starts to crash (see restarts). Verified on 4.11.0-0.nightly-2022-03-17-024314 Image registry pod will report crash(restart) when add invalid proxy Warning ProbeError 10s (x2 over 20s) kubelet Readiness probe error: HTTP probe failed with statuscode: 503 body: {"errors":[{"code":"UNAVAILABLE","message":"service unavailable","detail":"health check failed: please see /debug/health"}]} Warning Unhealthy 10s (x2 over 20s) kubelet Readiness probe failed: HTTP probe failed with statuscode: 503 Warning ProbeError 10s (x2 over 20s) kubelet Liveness probe error: HTTP probe failed with statuscode: 503 body: {"errors":[{"code":"UNAVAILABLE","message":"service unavailable","detail":"health check failed: please see /debug/health"}]} Warning Unhealthy 10s (x2 over 20s) kubelet Liveness probe failed: HTTP probe failed with statuscode: 503 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |