Bug 2040132

Summary: Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead
Product: OpenShift Container Platform Reporter: Junqi Zhao <juzhao>
Component: kube-schedulerAssignee: Maciej Szulik <maszulik>
Status: CLOSED ERRATA QA Contact: RamaKasturi <knarra>
Severity: low Docs Contact:
Priority: low    
Version: 4.10CC: aos-bugs, mfojtik
Target Milestone: ---   
Target Release: 4.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-03-10 16:39:13 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Junqi Zhao 2022-01-13 03:36:24 UTC 
Description of problem:
4.10.0-fc.0 uses kubernetes v1.23.0+20a057a, and this bug is only seen in kubernetes v1.23 and above versions
NOTE: for 4.10, we are going to update kubernetes to v1.23

# oc get clusterversion
NAME      VERSION       AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.10.0-fc.0   True        False         6h51m   Cluster version is 4.10.0-fc.0

# oc get no
NAME                                   STATUS   ROLES    AGE     VERSION
pamoedo-ibmrc2-mtcnc-master-0          Ready    master   7h18m   v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-master-1          Ready    master   7h15m   v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-master-2          Ready    master   7h15m   v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-worker-1-jnmcd    Ready    worker   7h4m    v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-worker-2-7m9qk    Ready    worker   7h3m    v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-worker-3-pw7p4    Ready    worker   7h4m    v1.23.0+20a057a
pamoedo-ibmrc2-mtcnc-worker-33-8x2bj   Ready    worker   11m     v1.23.0+20a057a

# oc -n openshift-kube-scheduler get pod openshift-kube-scheduler-pamoedo-ibmrc2-mtcnc-master-0
NAME                                                     READY   STATUS    RESTARTS   AGE
openshift-kube-scheduler-pamoedo-ibmrc2-mtcnc-master-0   3/3     Running   0          6h52m

# oc -n openshift-kube-scheduler logs openshift-kube-scheduler-pamoedo-ibmrc2-mtcnc-master-0 | head
Using deprecated annotation `kubectl.kubernetes.io/default-logs-container` in pod/openshift-kube-scheduler-pamoedo-ibmrc2-mtcnc-master-0. Please use `kubectl.kubernetes.io/default-container` instead
W0112 20:33:04.888401       1 feature_gate.go:223] unrecognized feature gate: NodeDisruptionExclusion
W0112 20:33:04.888497       1 feature_gate.go:223] unrecognized feature gate: ServiceNodeExclusion
W0112 20:33:04.888502       1 feature_gate.go:223] unrecognized feature gate: SupportPodPidsLimit
W0112 20:33:04.888506       1 feature_gate.go:223] unrecognized feature gate: LegacyNodeRoleBehavior
Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead.
I0112 20:33:04.888568       1 flags.go:64] FLAG: --add-dir-header="false"
I0112 20:33:04.888577       1 flags.go:64] FLAG: --address="127.0.0.1"
I0112 20:33:04.888582       1 flags.go:64] FLAG: --allow-metric-labels="[]"
I0112 20:33:04.888590       1 flags.go:64] FLAG: --alsologtostderr="false"
I0112 20:33:04.888594       1 flags.go:64] FLAG: --authentication-kubeconfig="/etc/kubernetes/static-pod-resources/configmaps/scheduler-kubeconfig/kubeconfig"

# oc -n openshift-kube-scheduler get pod openshift-kube-scheduler-pamoedo-ibmrc2-mtcnc-master-0 -oyaml | grep "\--port"
    - --port=0

Version-Release number of selected component (if applicable):
4.10.0-fc.0

How reproducible:
always

Steps to Reproduce:
1. see the description
2.
3.

Actual results:
Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead.

Expected results:
no warning

Additional info:
Comment 3 RamaKasturi 2022-01-17 16:23:10 UTC 
Verified bug in the build below and i do not see any warning in the openshift-kube-scheduler logs.

4.10.fc.1:
=================
[knarra@knarra ~]$ oc get pod openshift-kube-scheduler-ip-10-0-147-163.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep "\--port"
[knarra@knarra ~]$ oc get pod openshift-kube-scheduler-ip-10-0-147-163.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep "\--secure-port"
[knarra@knarra ~]$ oc get pod openshift-kube-scheduler-ip-10-0-147-163.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep "port"
    - --feature-gates=APIPriorityAndFairness=true,CSIMigrationAWS=false,CSIMigrationAzureDisk=false,CSIMigrationAzureFile=false,CSIMigrationGCE=false,CSIMigrationOpenStack=false,CSIMigrationvSphere=false,DownwardAPIHugePages=true,LegacyNodeRoleBehavior=false,NodeDisruptionExclusion=true,PodSecurity=true,RotateKubeletServerCertificate=true,ServiceNodeExclusion=true,SupportPodPidsLimit=true
        port: 10259
    ports:
        port: 10259
      timeout 3m /bin/bash -exuo pipefail -c 'while [ -n "$(ss -Htanop \( sport = 11443 \))" ]; do sleep 1; done'
      echo -n "Waiting for port :10259 and :10251 to be released."
      while [ -n "$(ss -Htan '( sport = 10251 or sport = 10259 )')" ]; do
    name: wait-for-host-port
    name: wait-for-host-port
[knarra@knarra ~]$ oc -n openshift-kube-scheduler logs openshift-kube-scheduler-ip-10-0-147-163.us-east-2.compute.internal | head
Using deprecated annotation `kubectl.kubernetes.io/default-logs-container` in pod/openshift-kube-scheduler-ip-10-0-147-163.us-east-2.compute.internal. Please use `kubectl.kubernetes.io/default-container` instead
W0117 08:16:38.390378       1 feature_gate.go:223] unrecognized feature gate: ServiceNodeExclusion
W0117 08:16:38.390433       1 feature_gate.go:223] unrecognized feature gate: LegacyNodeRoleBehavior
W0117 08:16:38.390438       1 feature_gate.go:223] unrecognized feature gate: NodeDisruptionExclusion
W0117 08:16:38.390442       1 feature_gate.go:223] unrecognized feature gate: SupportPodPidsLimit
I0117 08:16:38.390486       1 flags.go:64] FLAG: --add-dir-header="false"
I0117 08:16:38.390495       1 flags.go:64] FLAG: --address="127.0.0.1"
I0117 08:16:38.390500       1 flags.go:64] FLAG: --allow-metric-labels="[]"
I0117 08:16:38.390505       1 flags.go:64] FLAG: --alsologtostderr="false"
I0117 08:16:38.390508       1 flags.go:64] FLAG: --authentication-kubeconfig="/etc/kubernetes/static-pod-resources/configmaps/scheduler-kubeconfig/kubeconfig"
I0117 08:16:38.390517       1 flags.go:64] FLAG: --authentication-skip-lookup="false"


4.10.fc.0:
===========
[knarra@knarra ~]$ oc get pod openshift-kube-scheduler-ip-10-0-132-157.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep "\--port"
    - --port=0
[knarra@knarra ~]$ oc -n openshift-kube-scheduler logs openshift-kube-scheduler-ip-10-0-132-157.us-east-2.compute.internal | head
Using deprecated annotation `kubectl.kubernetes.io/default-logs-container` in pod/openshift-kube-scheduler-ip-10-0-132-157.us-east-2.compute.internal. Please use `kubectl.kubernetes.io/default-container` instead
W0117 12:28:59.895657       1 feature_gate.go:223] unrecognized feature gate: LegacyNodeRoleBehavior
W0117 12:28:59.895732       1 feature_gate.go:223] unrecognized feature gate: NodeDisruptionExclusion
W0117 12:28:59.895737       1 feature_gate.go:223] unrecognized feature gate: ServiceNodeExclusion
W0117 12:28:59.895741       1 feature_gate.go:223] unrecognized feature gate: SupportPodPidsLimit
Flag --port has been deprecated, This flag has no effect now and will be removed in v1.24. You can use --secure-port instead.
I0117 12:28:59.895792       1 flags.go:64] FLAG: --add-dir-header="false"
I0117 12:28:59.895803       1 flags.go:64] FLAG: --address="127.0.0.1"
I0117 12:28:59.895809       1 flags.go:64] FLAG: --allow-metric-labels="[]"
I0117 12:28:59.895815       1 flags.go:64] FLAG: --alsologtostderr="false"
I0117 12:28:59.895818       1 flags.go:64] FLAG: --authentication-kubeconfig="/etc/kubernetes/static-pod-resources/configmaps/scheduler-kubeconfig/kubeconfig"
[knarra@knarra ~]$ oc get pod openshift-kube-scheduler-ip-10-0-132-157.us-east-2.compute.internal -n openshift-kube-scheduler -o yaml | grep "port"
    - --port=0
    - --feature-gates=APIPriorityAndFairness=true,DownwardAPIHugePages=true,LegacyNodeRoleBehavior=false,NodeDisruptionExclusion=true,PodSecurity=true,RotateKubeletServerCertificate=true,ServiceNodeExclusion=true,SupportPodPidsLimit=true
        port: 10259
    ports:
        port: 10259
      timeout 3m /bin/bash -exuo pipefail -c 'while [ -n "$(ss -Htanop \( sport = 11443 \))" ]; do sleep 1; done'
      echo -n "Waiting for port :10259 and :10251 to be released."
      while [ -n "$(ss -Htan '( sport = 10251 or sport = 10259 )')" ]; do
    name: wait-for-host-port
    name: wait-for-host-port

Based on the above moving bug to verified state.
Comment 7 errata-xmlrpc 2022-03-10 16:39:13 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056