Bug 1731392 - [multus-admission]multus admission did not take effect
Summary: [multus-admission]multus admission did not take effect
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.2.0
Hardware: All
OS: All
high
high
Target Milestone: ---
: 4.2.0
Assignee: Douglas Smith
QA Contact: zhaozhanqi
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-19 10:11 UTC by zhaozhanqi
Modified: 2019-10-16 06:30 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-10-16 06:30:08 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2019:2922 None None None 2019-10-16 06:30:17 UTC

Description zhaozhanqi 2019-07-19 10:11:26 UTC
Description of problem:
when the multus-admission-controller deployed in the cluster. create the bad NetworkAttachmentDefinition, No error shown. 

Version-Release number of selected component (if applicable):
4.2.0-0.nightly-2019-07-19-030142

How reproducible:
always

Steps to Reproduce:
1. deploy cluster and check the multus-admission-controller pod had been created
2. Create one bad NetworkAttachmentDefinition as below in one namespaces
    
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: bad-conf
spec:
  config: '{
      "cniVersion": "0.3.0"malFormattedJSON
      

3. the bad NetworkAttachmentDefinition is created

Actual results:

# oc get networkattachmentdefinition.k8s.cni.cncf.io/bad-conf -n z1 -o yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  creationTimestamp: "2019-07-19T09:59:40Z"
  generation: 1
  name: bad-conf
  namespace: z1
  resourceVersion: "198224"
  selfLink: /apis/k8s.cni.cncf.io/v1/namespaces/z1/network-attachment-definitions/bad-conf
  uid: ecaa6adc-aa0b-11e9-a4de-02a5e7cede76
spec:
  config: '{ "cniVersion": "0.3.0"malFormattedJSON } }'


Expected results:

the bad NetworkAttachmentDefinition should not be created. 
should show error like:  invalid config: error parsing configuration: invalid character 'm' after object key:value pair


Additional info:
no error any logs from pod 

# oc logs multus-admission-controller-6vxqh -n openshift-multus
I0719 09:00:28.230719       1 main.go:41] starting net-attach-def-admission-controller webhook server
[root@dhcp-140-66 multus-admission]#

Comment 1 Douglas Smith 2019-07-23 13:37:59 UTC
Tomofumi Hayashi has a candidate fix available @ https://github.com/openshift/cluster-network-operator/pull/260

The problem was related to the admission controller not having the proper SSL certificates. Tomo has updated the method by which the operator watches for changes to the configMap which is used to make the SSL certificates available. More specifically, the configMap controller portion of the cluster-network-operator needed to be updated to properly watch for those changes.

Comment 3 zhaozhanqi 2019-07-24 07:36:58 UTC
hi, this PR https://github.com/openshift/cluster-network-operator/pull/260 still in 'open' status. So this bug should be remove from https://errata.devel.redhat.com/advisory/43533 I guess

Comment 4 Tomofumi Hayashi 2019-07-26 09:55:41 UTC
https://github.com/openshift/cluster-network-operator/pull/260 is merged and verified the latest nightly as following:


[tohayash@tohayash-srv test190726a]$ oc get clusterversion
NAME      VERSION                        AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.2.0-0.ci-2019-07-26-062133   True        False         28m     Cluster version is 4.2.0-0.ci-2019-07-26-062133
[tohayash@tohayash-srv test190726a]$ cat ../cno-data/ptp.yml 
---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: ptp1
spec: 
  config: '{
                "cniVersion": "0.3.0",
                "type": "ptp"
                "ipam": {
                        "type": "host-local",
                        "subnet": "10.61.123.0/24"
                }
        }'
[tohayash@tohayash-srv test190726a]$ oc create -f ../cno-data/ptp.yml 
Error from server: error when creating "../cno-data/ptp.yml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair

Comment 5 Weibin Liang 2019-07-29 14:21:30 UTC
Applying different syntax errors in net-attach-def configuration in 4.2.0-0.ci-2019-07-29-053408, creating failed and return different type of error logs:

[root@dhcp-41-193 AWS]# oc create -f test1.yaml 
error: error parsing test1.yaml: error converting YAML to JSON: yaml: line 8: found unexpected end of stream
[root@dhcp-41-193 AWS]# vim test2.yaml
[root@dhcp-41-193 AWS]# oc create -f test2.yaml 
Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair
[root@dhcp-41-193 AWS]# vim test2.yaml
[root@dhcp-41-193 AWS]# oc create -f test2.yaml 
The NetworkAttachmentDefinition "bane ptp1" is invalid: metadata.name: Invalid value: "bane ptp1": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
[root@dhcp-41-193 AWS]# vim test2.yaml
[root@dhcp-41-193 AWS]# oc create -f test2.yaml 
Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair
[root@dhcp-41-193 AWS]# vim test2.yaml
[root@dhcp-41-193 AWS]# oc create -f test2.yaml 
Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '}' looking for beginning of object key string
[root@dhcp-41-193 AWS]# vim test2.yaml
[root@dhcp-41-193 AWS]# oc create -f test2.yaml 
Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: missing 'type'
[root@dhcp-41-193 AWS]#

Comment 6 errata-xmlrpc 2019-10-16 06:30:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2922


Note You need to log in before you can comment on or make changes to this bug.