Bug 1469368 - Need make 'kube-service-catalog' project network global
Summary: Need make 'kube-service-catalog' project network global
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: ewolinet
QA Contact: DeShuai Ma
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-07-11 06:42 UTC by DeShuai Ma
Modified: 2017-08-16 19:51 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
as part of the 3.6 deliverable to install the service catalog, we needed to make the kube-service-catalog project network global
Clone Of:
Environment:
Last Closed: 2017-08-10 05:31:01 UTC
Target Upstream Version:
Embargoed:
sdodson: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1716 0 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.6 RPM Release Advisory 2017-08-10 09:02:50 UTC

Description DeShuai Ma 2017-07-11 06:42:34 UTC
Description of problem:
In multitenant env, as service-catalog & asb in different project. the controller-manager can't access the the asb to get catalog.

Version-Release number of selected component (if applicable):
openshift v3.6.136
kubernetes v1.6.1+5115d708d7
etcd 3.2.1
openshift-ansible-3.6.140-1.git.0.4a02427.el7.noarch.rpm

How reproducible:
Always

Steps to Reproduce:
1. Check broker status
[root@ip-172-18-6-17 asb]# oc describe broker
Name:		ansible-service-broker
Namespace:	
Labels:		<none>
Events:
  FirstSeen	LastSeen	Count	From					SubObjectPath	Type		Reason			Message
  ---------	--------	-----	----					-------------	--------	------			-------
  7m		11s		21	service-catalog-controller-manager			Warning		ErrorFetchingCatalog	Error getting broker catalog for broker "ansible-service-broker": Get http://asb.openshift-ansible-service-broker.svc:1338/v2/catalog: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
[root@ip-172-18-6-17 asb]# oc get broker ansible-service-broker -o json
{
    "apiVersion": "servicecatalog.k8s.io/v1alpha1",
    "kind": "Broker",
    "metadata": {
        "creationTimestamp": "2017-07-11T05:39:55Z",
        "finalizers": [
            "kubernetes-incubator/service-catalog"
        ],
        "name": "ansible-service-broker",
        "resourceVersion": "17561",
        "selfLink": "/apis/servicecatalog.k8s.io/v1alpha1/brokersansible-service-broker",
        "uid": "5e7040d3-65fb-11e7-973f-0a580a810003"
    },
    "spec": {
        "url": "http://asb.openshift-ansible-service-broker.svc:1338"
    },
    "status": {
        "conditions": [
            {
                "lastTransitionTime": "2017-07-11T05:40:10Z",
                "message": "Error fetching catalog. Error getting broker catalog for broker \"ansible-service-broker\": Get http://asb.openshift-ansible-service-broker.svc:1338/v2/catalog: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)",
                "reason": "ErrorFetchingCatalog",
                "status": "False",
                "type": "Ready"
            }
        ]
    }
}

2.
3.

Actual results:

Expected results:

Additional info:
After join 'kube-service-catalog' & 'openshift-ansible-service-broker' get catalog success.
$ oadm pod-network join-projects --to=openshift-ansible-service-broker kube-service-catalog

Description of problem:

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:
Please include the entire output from the last TASK line through the end of output if an error is generated

Expected results:

Additional info:
Please attach logs from ansible-playbook with the -vvv flag

Comment 1 DeShuai Ma 2017-07-11 07:07:16 UTC
CC to Derek Carr, Not sure if you want make the project global or move it to other project

Comment 3 Derek Carr 2017-07-11 17:13:43 UTC
CC to Paul Morie.

Comment 7 Scott Dodson 2017-07-13 16:55:08 UTC
Probably need to make it conditional on use of the multitenant plugin, luckly there's only one way to set that, so something like this

when: os_sdn_network_plugin_name | default('') == 'redhat/openshift-ovs-multitenant'

Comment 10 DeShuai Ma 2017-07-18 05:40:35 UTC
Test on latest puddle, this is fixed.

Comment 12 errata-xmlrpc 2017-08-10 05:31:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716


Note You need to log in before you can comment on or make changes to this bug.