Bug 1781313 - [4.3] 4.2 to 4.3 upgrade stuck on monitoring: waiting for Thanos Querier Route to become ready failed
Summary: [4.3] 4.2 to 4.3 upgrade stuck on monitoring: waiting for Thanos Querier Rout...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.3.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: Mike Fiedler
Depends On: 1778904 1780398
TreeView+ depends on / blocked
Reported: 2019-12-09 18:16 UTC by Miciah Dashiel Butler Masters
Modified: 2022-08-04 22:27 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1780398
Last Closed: 2020-01-23 11:18:20 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift router pull 70 0 None closed [release-4.3] Bug 1781313: status: performIngressConditionUpdate: Retry on 403 2020-08-17 09:38:58 UTC
Red Hat Product Errata RHBA-2020:0062 0 None None None 2020-01-23 11:18:42 UTC

Description Miciah Dashiel Butler Masters 2019-12-09 18:16:52 UTC
The router needs to retry updating a route's status when receiving a forbidden error (generally, the router should retry on all API errors).

+++ This bug was initially created as a clone of Bug #1780398 +++

Description of problem:

Upgrading a cluster with 2K projects from 4.2.9 to 4.3.0-0.nightly-2019-12-05-073829 failed with monitoring hung for an hour.  


--- Additional comment from Miciah Dashiel Butler Masters on 2019-12-06 18:58:26 UTC ---

The route in question was created at time 2019-12-05T20:09:20Z.  From 2019-12-05T20:09:41Z to 2019-12-05T20:12:15Z, the API was returning "forbidden: not yet ready to handle request" errors (not only to the router: I see the same error in logs for the auth operator, samples operator, CVO, and kube-controller-manager).  The router may have admitted the route, but the router failed to update the route's status due to the API outage.  The router is designed to be able to function with limited privileges.  It is not clear to me whether the router should retry on forbidden errors, or whether the API is incorrect in returning a forbidden error for a request that should be retried.

Comment 2 Mike Fiedler 2019-12-11 17:51:52 UTC
verification blocked by https://bugzilla.redhat.com/show_bug.cgi?id=1778904

Comment 3 Mike Fiedler 2019-12-19 14:29:35 UTC
Verified on registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2019-12-19-050538

Multiple upgrades successful without hitting this issue.

Comment 5 errata-xmlrpc 2020-01-23 11:18:20 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.