Description of problem: when the multus-admission-controller deployed in the cluster. create the bad NetworkAttachmentDefinition, No error shown. Version-Release number of selected component (if applicable): 4.2.0-0.nightly-2019-07-19-030142 How reproducible: always Steps to Reproduce: 1. deploy cluster and check the multus-admission-controller pod had been created 2. Create one bad NetworkAttachmentDefinition as below in one namespaces apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: bad-conf spec: config: '{ "cniVersion": "0.3.0"malFormattedJSON 3. the bad NetworkAttachmentDefinition is created Actual results: # oc get networkattachmentdefinition.k8s.cni.cncf.io/bad-conf -n z1 -o yaml apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: creationTimestamp: "2019-07-19T09:59:40Z" generation: 1 name: bad-conf namespace: z1 resourceVersion: "198224" selfLink: /apis/k8s.cni.cncf.io/v1/namespaces/z1/network-attachment-definitions/bad-conf uid: ecaa6adc-aa0b-11e9-a4de-02a5e7cede76 spec: config: '{ "cniVersion": "0.3.0"malFormattedJSON } }' Expected results: the bad NetworkAttachmentDefinition should not be created. should show error like: invalid config: error parsing configuration: invalid character 'm' after object key:value pair Additional info: no error any logs from pod # oc logs multus-admission-controller-6vxqh -n openshift-multus I0719 09:00:28.230719 1 main.go:41] starting net-attach-def-admission-controller webhook server [root@dhcp-140-66 multus-admission]#
Tomofumi Hayashi has a candidate fix available @ https://github.com/openshift/cluster-network-operator/pull/260 The problem was related to the admission controller not having the proper SSL certificates. Tomo has updated the method by which the operator watches for changes to the configMap which is used to make the SSL certificates available. More specifically, the configMap controller portion of the cluster-network-operator needed to be updated to properly watch for those changes.
hi, this PR https://github.com/openshift/cluster-network-operator/pull/260 still in 'open' status. So this bug should be remove from https://errata.devel.redhat.com/advisory/43533 I guess
https://github.com/openshift/cluster-network-operator/pull/260 is merged and verified the latest nightly as following: [tohayash@tohayash-srv test190726a]$ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.2.0-0.ci-2019-07-26-062133 True False 28m Cluster version is 4.2.0-0.ci-2019-07-26-062133 [tohayash@tohayash-srv test190726a]$ cat ../cno-data/ptp.yml --- apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: ptp1 spec: config: '{ "cniVersion": "0.3.0", "type": "ptp" "ipam": { "type": "host-local", "subnet": "10.61.123.0/24" } }' [tohayash@tohayash-srv test190726a]$ oc create -f ../cno-data/ptp.yml Error from server: error when creating "../cno-data/ptp.yml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair
Applying different syntax errors in net-attach-def configuration in 4.2.0-0.ci-2019-07-29-053408, creating failed and return different type of error logs: [root@dhcp-41-193 AWS]# oc create -f test1.yaml error: error parsing test1.yaml: error converting YAML to JSON: yaml: line 8: found unexpected end of stream [root@dhcp-41-193 AWS]# vim test2.yaml [root@dhcp-41-193 AWS]# oc create -f test2.yaml Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair [root@dhcp-41-193 AWS]# vim test2.yaml [root@dhcp-41-193 AWS]# oc create -f test2.yaml The NetworkAttachmentDefinition "bane ptp1" is invalid: metadata.name: Invalid value: "bane ptp1": a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*') [root@dhcp-41-193 AWS]# vim test2.yaml [root@dhcp-41-193 AWS]# oc create -f test2.yaml Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '"' after object key:value pair [root@dhcp-41-193 AWS]# vim test2.yaml [root@dhcp-41-193 AWS]# oc create -f test2.yaml Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: invalid character '}' looking for beginning of object key string [root@dhcp-41-193 AWS]# vim test2.yaml [root@dhcp-41-193 AWS]# oc create -f test2.yaml Error from server: error when creating "test2.yaml": admission webhook "multus-validating-config.k8s.io" denied the request: invalid config: error parsing configuration: missing 'type' [root@dhcp-41-193 AWS]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2922