1745919 – set invalid value for reserved resource in kubeletconfig will succeed

Bug 1745919 - set invalid value for reserved resource in kubeletconfig will succeed

Summary: set invalid value for reserved resource in kubeletconfig will succeed

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node
Sub Component:
Version:	4.2.0
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	4.6.0
Assignee:	Harshal Patil
QA Contact:	MinLi
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1855543
TreeView+	depends on / blocked

Reported:	2019-08-27 08:41 UTC by MinLi
Modified:	2020-10-27 15:54 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: invalid values were allowed for cpu and memory reservation Consequence: kubelet refuse to start with invalid values for resource reservation Fix: Parse the values to verify that they are of right type and within the acceptable limits. Result: Invalid values for the resource reservation will not be accepted
Clone Of:
Clones:	1855543 (view as bug list)
Environment:
Last Closed:	2020-10-27 15:54:19 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift machine-config-operator pull 1885	0	None	closed	Bug 1745919: KubeletConfig: Validate kubeReserved and systemReserved for KubeletConfig	2021-02-04 02:59:56 UTC
Red Hat Product Errata	RHBA-2020:4196	0	None	None	None	2020-10-27 15:54:52 UTC

Description MinLi 2019-08-27 08:41:47 UTC

Description of problem:
when set invalid value for reserved resource in kubeletconfig, there will tip no error.

Version-Release number of selected component (if applicable):
4.2.0-0.nightly-2019-08-25-233755 

How reproducible:
always

Steps to Reproduce:
1.$ oc label machineconfigpool worker custom-kubelet=set-reserved

2.$ oc create -f custom-kubelet-reserved.yaml
custom-kubelet-reserved.yaml:
apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
  name: set-reserved
spec:
  machineConfigPoolSelector:
    matchLabels:
      custom-kubelet: set-reserved
  kubeletConfig:
    kubeReserved:
      cpu: -200m
      memory: -200G
    systemReserved:
      cpu: -200m
      memory: -200G


3.$ oc get kubeletconfig set-reserved -o yaml
apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
  creationTimestamp: 2019-08-27T06:54:13Z
  finalizers:
  - 99-worker-fb06c452-c7ed-11e9-945a-fa163ee5f427-kubelet
  generation: 1
  name: set-reserved
  resourceVersion: "448294"
  selfLink: /apis/machineconfiguration.openshift.io/v1/kubeletconfigs/set-reserved
  uid: 7a99caa1-c897-11e9-bebe-fa163efc6e80
spec:
  kubeletConfig:
    kubeReserved:
      cpu: -200m
      memory: -200G
    systemReserved:
      cpu: -200m
      memory: -200G
  machineConfigPoolSelector:
    matchLabels:
      custom-kubelet: set-reserved
status:
  conditions:
  - lastTransitionTime: 2019-08-27T06:54:13Z
    message: Success
    status: "True"
    type: Success


Actual results:
2.create kubeletconfig succ
3.show kubeletconfig status Success

Expected results:
3.show error info for invalid value

Additional info:

Comment 1 MinLi 2019-08-27 08:49:25 UTC

besides negative value, other invalid value also tip no error, such as non-digital, fractional

Comment 3 MinLi 2019-09-02 08:43:25 UTC

@Robert Krawitz I found nothing about this kubeletconfig update in kubelet log.
And machineconfigpool worker is always in updating status after apply this kubeletconfig.
$ oc get machineconfigpool 
NAME     CONFIG                                             UPDATED   UPDATING   DEGRADED
master   rendered-master-16073f8c7a50faadb9277573fadb7ebc   True      False      False
worker   rendered-worker-70387f4bb2bf331216124c30d4e0434c   False     True       False

Comment 7 MinLi 2019-09-06 02:15:19 UTC

@Robert Krawitz，
how do you check the kubelet log? Is it "$ journalctl -u kubelet.service "? For I reproduce the bug, yet not find the log as you pasted above.

Comment 8 Eric Rich 2019-09-09 20:54:20 UTC

(In reply to MinLi from comment #7)
> @Robert Krawitz，
> how do you check the kubelet log? Is it "$ journalctl -u kubelet.service "?
> For I reproduce the bug, yet not find the log as you pasted above.

Yes that is how you check that log.

Comment 10 Harshal Patil 2020-05-28 15:28:53 UTC

I will look into this in upcoming sprint.

Comment 13 MinLi 2020-07-06 03:37:29 UTC

verified with version : 4.6.0-0.nightly-2020-07-05-192128

$ oc get kubeletconfig -o yaml 
apiVersion: v1
items:
- apiVersion: machineconfiguration.openshift.io/v1
  kind: KubeletConfig
  metadata:
    creationTimestamp: "2020-07-06T03:14:48Z"
    generation: 2
    managedFields:
    - apiVersion: machineconfiguration.openshift.io/v1
      fieldsType: FieldsV1
      fieldsV1:
        f:status:
          .: {}
          f:conditions: {}
      manager: machine-config-controller
      operation: Update
      time: "2020-07-06T03:16:52Z"
    - apiVersion: machineconfiguration.openshift.io/v1
      fieldsType: FieldsV1
      fieldsV1:
        f:spec:
          .: {}
          f:kubeletConfig:
            .: {}
            f:kubeReserved: {}
            f:systemReserved: {}
          f:machineConfigPoolSelector:
            .: {}
            f:matchLabels:
              .: {}
              f:custom-kubelet: {}
      manager: oc
      operation: Update
      time: "2020-07-06T03:16:52Z"
    name: set-reserved
    resourceVersion: "41026"
    selfLink: /apis/machineconfiguration.openshift.io/v1/kubeletconfigs/set-reserved
    uid: 5eb44ae4-2577-4006-b5f4-238c2bd7fb6b
  spec:
    kubeletConfig:
      kubeReserved:
        cpu: q2asdm
        memory: qwqw200G
      systemReserved:
        cpu: asdas00m
        memory: sdfsdfG
    machineConfigPoolSelector:
      matchLabels:
        custom-kubelet: set-reserved
  status:
    conditions:
    - lastTransitionTime: "2020-07-06T03:14:48Z"
      message: 'Error: KubeletConfiguration: cpu reservation value cannot be negative
        in kubeReserved'
      status: "False"
      type: Failure
    - lastTransitionTime: "2020-07-06T03:16:52Z"
      message: 'Error: KubeletConfiguration: invalid value specified for cpu reservation
        in kubeReserved, q2asdm'
      status: "False"
      type: Failure
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""

Comment 15 errata-xmlrpc 2020-10-27 15:54:19 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196

Note You need to log in before you can comment on or make changes to this bug.