Bug 1821689 - When changed CSR signer hot loops on update
Summary: When changed CSR signer hot loops on update
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-controller-manager
Version: 4.4
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 4.5.0
Assignee: Tomáš Nožička
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks: 1821690
TreeView+ depends on / blocked
 
Reported: 2020-04-07 12:23 UTC by Tomáš Nožička
Modified: 2020-07-13 17:26 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1821690 (view as bug list)
Environment:
Last Closed: 2020-07-13 17:26:04 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-controller-manager-operator pull 390 0 None closed Bug 1821689: Fix csr-signer update hotloop 2020-06-23 09:52:00 UTC
Red Hat Product Errata RHBA-2020:2409 0 None None None 2020-07-13 17:26:31 UTC

Description Tomáš Nožička 2020-04-07 12:23:43 UTC
CKCMO keeps updating the csr-signer although no change is needed.

I0407 10:54:35.081638  298746 csrcontroller.go:167] CSRController sync done
I0407 10:54:35.081699  298746 csrcontroller.go:128] Starting CSRController sync
I0407 10:54:35.081791  298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed
I0407 10:54:46.046043  298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null}
I0407 10:54:46.230221  298746 csrcontroller.go:164] Refreshed CSRSigner.
I0407 10:54:46.230237  298746 csrcontroller.go:167] CSRController sync done
I0407 10:54:46.230250  298746 csrcontroller.go:128] Starting CSRController sync
I0407 10:54:46.230249  298746 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"840796e5-22d8-479c-b539-05c11be3f958", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretUpdated' Updated Secret/csr-signer -n openshift-kube-controller-manager because it changed
I0407 10:54:57.144311  298746 core.go:281] Secret openshift-kube-controller-manager/csr-signer changes: {"type":null}
I0407 10:54:57.323193  298746 csrcontroller.go:164] Refreshed CSRSigner.
I0407 10:54:57.323220  298746 csrcontroller.go:167] CSRController sync done

Comment 4 zhou ying 2020-04-08 07:24:54 UTC
Confirmed with payload: 4.5.0-0.nightly-2020-04-07-234835, the issue can't reproduced:

oc logs -f po/kube-controller-manager-operator-6fc6f5957-wx22j

I0408 06:53:53.088718       1 request.go:621] Throttling request took 1.164445911s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal
I0408 07:03:53.032004       1 request.go:621] Throttling request took 1.108140055s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods/kube-controller-manager-ip-10-0-129-61.us-east-2.compute.internal
I0408 07:13:52.947357       1 request.go:621] Throttling request took 1.015735836s, request: GET:https://172.30.0.1:443/api/v1/namespaces/openshift-kube-controller-manager/pods?labelSelector=app%3Dinstaller
I0408 07:21:01.185033       1 event.go:278] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"openshift-kube-controller-manager-operator", Name:"kube-controller-manager-operator", UID:"ee12da73-c49d-41d8-9728-87ce163eca87", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'SecretCreated' Created Secret/csr-signer -n openshift-kube-controller-manager because it was missing

Comment 5 errata-xmlrpc 2020-07-13 17:26:04 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:2409


Note You need to log in before you can comment on or make changes to this bug.