Bug 1845440 - Fix flipping of service-account-issuer in kube apiserver operator
Summary: Fix flipping of service-account-issuer in kube apiserver operator
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.6.0
Assignee: Stefan Schimanski
QA Contact: Ke Wang
Depends On:
Blocks: 1845441
TreeView+ depends on / blocked
Reported: 2020-06-09 09:06 UTC by Michal Fojtik
Modified: 2020-10-27 16:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1845441 (view as bug list)
Last Closed: 2020-10-27 16:05:58 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-apiserver-operator pull 880 0 None closed Bug 1845440: auth-config-observation: fix unstructured issuer slice type 2020-07-17 11:40:01 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:06:27 UTC

Description Michal Fojtik 2020-06-09 09:06:55 UTC
Description of problem:

Jun 04 22:41:42.095 I ns/openshift-kube-apiserver-operator deployment/kube-apiserver-operator reason/ObservedConfigChanged Writing updated observed config:   map[string]interface{}{\n  	"admission": map[string]interface{}{"pluginConfig": map[string]interface{}{"network.openshift.io/ExternalIPRanger": map[string]interface{}{"configuration": map[string]interface{}{"allowIngressIP": bool(false), "apiVersion": string("network.openshift.io/v1"), "kind": string("ExternalIPRangerAdmissionConfig")}}, "network.openshift.io/RestrictedEndpointsAdmission": map[string]interface{}{"configuration": map[string]interface{}{"apiVersion": string("network.openshift.io/v1"), "kind": string("RestrictedEndpointsAdmissionConfig"), "restrictedCIDRs": []interface{}{string(""), string("")}}}}},\n  	"apiServerArguments": map[string]interface{}{\n  		"cloud-provider":         []interface{}{string("aws")},\n  		"feature-gates":          []interface{}{string("APIPriorityAndFairness=true"), string("RotateKubeletServerCertificate=true"), string("SupportPodPidsLimit=true"), string("NodeDisruptionExclusion=true"), string("ServiceNodeExclusion=true"), string("SCTPSupport=true"), string("LegacyNodeRoleBehavior=false")},\n- 		"service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")},\n+ 		"service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"},\n  	},\n  	"authConfig":         map[string]interface{}{"oauthMetadataFile": string("/etc/kubernetes/static-pod-resources/configmaps/oauth-metadata/oauthMetadata")},\n  	"corsAllowedOrigins": []interface{}{string(`//127\.0\.0\.1(:|$)`), string("//localhost(:|$)")},\n  	... // 4 identical entries\n  }\n (785 times)

The issue is the service-account-issuer is flipping because of unstructured issuer slice type:

- "service-account-issuer": []interface{}{string("https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com")},
+ "service-account-issuer": []string{"https://ci-op-dgz95p2d-067ff-pxnzv-oidc.s3.amazonaws.com"}

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 3 Ke Wang 2020-06-11 05:57:33 UTC
Refer to the comment https://bugzilla.redhat.com/show_bug.cgi?id=1845441#c3, not found related error in last two days of testing.

Checking the latest OCP 4.6 release, 
$ oc adm release info registry.svc.ci.openshift.org/ocp/release:4.6.0-0.nightly-2020-06-11-001445 --commits | grep -i kube-apiserver
  cluster-kube-apiserver-operator                https://github.com/openshift/cluster-kube-apiserver-operator                57f1a73eb6ed74c8b03134863a19baec42cf8987

$ git log --date local --pretty="%h %an %cd - %s" 57f1a73e | grep '#880'
57f1a73e OpenShift Merge Robot Tue Jun 9 09:10:24 2020 - Merge pull request #880 from sttts/sttts-unstructured-slice-flipping

We can see the PR is already in, move the bug verified.

Comment 5 errata-xmlrpc 2020-10-27 16:05:58 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.