Bug 1780809 - [MSTR-485] co/kube-apiserver stuck in Progressing and Degraded after deleting openshift-kube-apiserver
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.4
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 4.4.0
Assignee: Luis Sanchez
QA Contact: Ke Wang
URL:
Whiteboard:
Depends On:
Blocks: 1775580
Reported: 2019-12-07 03:56 UTC by Luis Sanchez
Modified: 2020-05-04 11:19 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1775580
Environment:
Last Closed: 2020-05-04 11:19:04 UTC
Target Upstream Version:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Github | openshift cluster-kube-apiserver-operator pull 695 | 0 | None | closed | Bug 1780809: kube-apiserver stuck in Progressing/Degraded if target revision is deleted | 2020-11-19 10:10:14 UTC
Github | openshift library-go pull 630 | 0 | 'None' | closed | Bug 1780809: kube-apiserver stuck in Progressing/Degraded if target revision is deleted | 2020-11-19 10:10:35 UTC
Red Hat Product Errata | RHBA-2020:0581 | 0 | None | None | None | 2020-05-04 11:19:37 UTC

Comment 2 Xingxing Xia 2019-12-30 10:48:01 UTC
Ke Wang, please refer to the verification steps of the same bug with the other version and verify in a 4.4 env, thanks.

Comment 3 Ke Wang 2020-01-06 09:02:24 UTC
Verified with the following ENV:
$ oc version
Client Version: v4.4.0
Server Version: 4.4.0-0.nightly-2020-01-05-221122
Kubernetes Version: v1.17.0

- Steps,
$ oc edit secret encryption-config encryption-config-{7..8} -n openshift-kube-apiserver
secret/encryption-config edited
secret/encryption-config-7 edited
secret/encryption-config-8 edited

$ oc delete project openshift-kube-apiserver
project.project.openshift.io "openshift-kube-apiserver" deleted

$ oc get ns openshift-kube-apiserver -w
NAME                       STATUS        AGE
openshift-kube-apiserver   Terminating   132m

To find the reason why openshift-kube-apiserver is in Terminating:
$ oc get ns openshift-kube-apiserver -o yaml
...
  - lastTransitionTime: "2020-01-06T07:45:14Z"
    message: 'Some content in the namespace has finalizers remaining: encryption.apiserver.operator.openshift.io/deletion-protection
      in 1 resource instances'
    reason: SomeFinalizersRemain
    status: "True"
...

Found one secret still existing, deleted it.
$ oc get secret -n openshift-kube-apiserver
NAME                  TYPE     DATA   AGE
encryption-config-9   Opaque   1      59m

$ oc edit secret -n openshift-kube-apiserver

Check the openshift-kube-apiserver status again, it's activated
$ oc get ns openshift-kube-apiserver
NAME                       STATUS   AGE
openshift-kube-apiserver   Active   58s

After several minutes, check pod, ClusterOperator and node status,

$ oc get po -A | grep -vE "(Running|Completed)"; oc get co; oc get no

$ oc get co --no-headers | grep -v samples| grep -v "True.*False.*False" # none
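
Added example (not part of comment 3 and not the operator's code): the manual diagnosis from comment 3, reading the namespace conditions and then listing what is left in the namespace, written as a Python check over `oc get ... -o json` output. The sample objects are constructed and trimmed; only the finalizer name, the reason and the message are taken from the comment.

```python
"""Explain why a namespace is stuck in Terminating from `oc ... -o json` output."""

FINALIZER = "encryption.apiserver.operator.openshift.io/deletion-protection"

# Constructed samples, trimmed to the fields used. The finalizer, reason and
# message come from comment 3; timestamps and the second secret are made up.
NAMESPACE = {
    "metadata": {"name": "openshift-kube-apiserver"},
    "status": {"phase": "Terminating", "conditions": [
        {"type": "NamespaceDeletionContentFailure", "status": "False",
         "reason": "ContentDeleted"},
        {"type": "NamespaceFinalizersRemaining", "status": "True",
         "reason": "SomeFinalizersRemain",
         "message": "Some content in the namespace has finalizers remaining: "
                    + FINALIZER + " in 1 resource instances"},
    ]},
}
SECRETS = {"items": [
    {"metadata": {"name": "encryption-config-9", "finalizers": [FINALIZER],
                  "deletionTimestamp": "2020-01-06T07:45:10Z"}},
    {"metadata": {"name": "example-no-finalizer"}},
]}


def blocking_conditions(namespace):
    """Conditions with status "True" on a Terminating namespace: each one is a
    reason the namespace controller has not finished the delete."""
    if namespace.get("status", {}).get("phase") != "Terminating":
        return []
    return [(c.get("reason"), c.get("message", ""))
            for c in namespace["status"].get("conditions", [])
            if c.get("status") == "True"]


def held_objects(object_list):
    """Objects already marked for deletion that a finalizer is still holding."""
    held = {}
    for item in object_list.get("items", []):
        meta = item.get("metadata", {})
        if meta.get("deletionTimestamp") and meta.get("finalizers"):
            held[meta["name"]] = list(meta["finalizers"])
    return held


if __name__ == "__main__":
    for reason, message in blocking_conditions(NAMESPACE):
        print(f"{reason}: {message}")
    for name, finalizers in held_objects(SECRETS).items():
        print(f"secret/{name} held by {', '.join(finalizers)}")
```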

Comment 5 errata-xmlrpc 2020-05-04 11:19:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0581

