Bug 2082235
| Summary: | CNO exposes a generic apiserver that apparently does nothing | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Pablo Alonso Rodriguez <palonsor> |
| Component: | Networking | Assignee: | Ben Bennett <bbennett> |
| Networking sub component: | openshift-sdn | QA Contact: | zhaozhanqi <zzhao> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | low | ||
| Priority: | low | CC: | akaris, aojeagar, gparente, palonsor |
| Version: | 4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-10 11:10:18 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Pablo Alonso Rodriguez
2022-05-05 15:50:17 UTC
Just need to wire up the bits for a service-serving-cert. Then this will go away (on bootstrapped clusters). Verified this bug on 4.11.0-0.nightly-2022-06-11-054027 token=`oc create token prometheus-k8s -n openshift-monitoring` # oc get pod -n openshift-network-operator -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES network-operator-6bbdbb9bbc-p89z7 1/1 Running 0 2d1h 192.168.111.20 master-0 <none> <none> # oc exec -n openshift-monitoring -c prometheus prometheus-k8s-0 -- curl -H "Authorization: Bearer $token" https://192.168.111.20:9104/metrics -k % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0# HELP apiserver_audit_event_total [ALPHA] Counter of audit events generated and sent to the audit backend. # TYPE apiserver_audit_event_total counter apiserver_audit_event_total 0 # HELP apiserver_audit_requests_rejected_total [ALPHA] Counter of apiserver requests rejected due to an error in audit logging backend. # TYPE apiserver_audit_requests_rejected_total counter apiserver_audit_requests_rejected_total 0 # HELP apiserver_client_certificate_expiration_seconds [ALPHA] Distribution of the remaining lifetime on the certificate used to authenticate a request. # TYPE apiserver_client_certificate_expiration_seconds histogram apiserver_client_certificate_expiration_seconds_bucket{le="0"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="1800"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="3600"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="7200"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="21600"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="43200"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="86400"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="172800"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="345600"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="604800"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="2.592e+06"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="7.776e+06"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="1.5552e+07"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="3.1104e+07"} 0 apiserver_client_certificate_expiration_seconds_bucket{le="+Inf"} 2 apiserver_client_certificate_expiration_seconds_sum 6.305302434902146e+08 apiserver_client_certificate_expiration_seconds_count 2 # HELP apiserver_current_inflight_requests [STABLE] Maximal number of currently used inflight request limit of this apiserver per request kind in last second. # TYPE apiserver_current_inflight_requests gauge apiserver_current_inflight_requests{request_kind="mutating"} 0 apiserver_current_inflight_requests{request_kind="readOnly"} 0 # HELP apiserver_delegated_authn_request_duration_seconds [ALPHA] Request latency in seconds. Broken down by status code. # TYPE apiserver_delegated_authn_request_duration_seconds histogram apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="0.25"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="0.5"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="0.7"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="1"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="1.5"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="3"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="5"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="10"} 5910 apiserver_delegated_authn_request_duration_seconds_bucket{code="201",le="+Inf"} 5910 apiserver_delegated_authn_request_duration_seconds_sum{code="201"} 21.714198211000035 apiserver_delegated_authn_request_duration_seconds_count{code="201"} 5910 # HELP apiserver_delegated_authn_request_total [ALPHA] Number of HTTP requests partitioned by status code. # TYPE apiserver_delegated_authn_request_total counter apiserver_delegated_authn_request_total{code="201"} 5910 # HELP apiserver_delegated_authz_request_duration_seconds [ALPHA] Request latency in seconds. Broken down by status code. # TYPE apiserver_delegated_authz_request_duration_seconds histogram apiserver_delegated_authz_request_duration_seconds_bucket{code="201",le="0.25"} 4 apiserver_delegated_authz_request_duration_seconds_bucket{code="201",le="0.5"} 4 apiserver_delegated_authz_request_duration_seconds_bucket{code="201",le="0.7"} 4 apiserver_delegated_authz_request_duration_seconds_bucket{code="201",le="1"} 4 apiserver_delegated_authz_request_duration_seconds_bucket{code="201",le="1.5"} 4 .. .. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:5069 |