Bug 1810712 - kube-apiserver creates two connections to etcd on localhost
Summary: kube-apiserver creates two connections to etcd on localhost
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 4.5.0
Assignee: Luis Sanchez
QA Contact: Ke Wang
URL:
Whiteboard:
Depends On:
Blocks: 1812210
TreeView+ depends on / blocked
 
Reported: 2020-03-05 18:58 UTC by Luis Sanchez
Modified: 2020-07-13 17:18 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1812210 (view as bug list)
Environment:
Last Closed: 2020-07-13 17:18:35 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-apiserver-operator pull 788 0 None closed Bug 1810712: use localhost name instead of localhost IPs 2020-09-30 14:11:04 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:18:54 UTC

Description Luis Sanchez 2020-03-05 18:58:13 UTC
kube-apiserver connects to etcd on 127.0.0.1 and on ::1.

Comment 3 Ke Wang 2020-03-11 10:12:44 UTC
Verified with OCP 4.5.0-0.nightly-2020-03-10-234440,

kubeapiserver_pod=$(oc get pod -n openshift-kube-apiserver | grep kube-apiserver | head -1 | awk '{print $1}')

oc rsh -n openshift-kube-apiserver  $kubeapiserver_pod

in pod,
cat /etc/kubernetes/static-pod-resources/configmaps/config/config.yaml | python -m json.tool

Checking 
"storageConfig": {
        "ca": "/etc/kubernetes/static-pod-resources/configmaps/etcd-serving-ca/ca-bundle.crt",
        "certFile": "/etc/kubernetes/static-pod-resources/secrets/etcd-client/tls.crt",
        "keyFile": "/etc/kubernetes/static-pod-resources/secrets/etcd-client/tls.key",
        "urls": [
            "https://...133.130:2379",
            "https://...0.159.59:2379",
            "https://...0.161.145:2379",
            "https://localhost:2379"
        ]
    },


There should not has the ipv6 endpoint  "https://[::1]:2379".

Comment 5 errata-xmlrpc 2020-07-13 17:18:35 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.