Bug 1858802 - rangeallocations.data is never updated when a project is removed
Summary: rangeallocations.data is never updated when a project is removed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-controller-manager
Version: 4.2.z
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.3.z
Assignee: Maciej Szulik
QA Contact: RamaKasturi
URL:
Whiteboard:
Depends On: 1858800
Blocks: 1858803
TreeView+ depends on / blocked
 
Reported: 2020-07-20 12:40 UTC by Maciej Szulik
Modified: 2020-09-23 13:53 UTC (History)
19 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: UID range allocation is never updated when a project is removed. Only restarting kube-controller-manager pod was triggering repair procedure which was clearing that range. Consequence: It is possible to exhaust the UID range on cluster with high namespace create+remove turnover. Fix: Periodically run the repair job. Result: The UID range allocation should be freed periodically (currently every 8 hours) which should not require additional kube-controller-manager restarts. It should also ensure that the range is not exhausted.
Clone Of: 1858800
: 1858803 (view as bug list)
Environment:
Last Closed: 2020-09-23 13:52:39 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-policy-controller pull 34 0 None closed [release-4.3] Bug 1858802: add UID deallocation logic 2020-09-30 16:40:54 UTC
Red Hat Product Errata RHBA-2020:3609 0 None None None 2020-09-23 13:53:02 UTC

Comment 1 Maciej Szulik 2020-08-21 14:12:18 UTC 
Iā€™m adding UpcomingSprint, because I was occupied by fixing bugs with higher priority/severity, developing new features with higher priority, or developing new features to improve stability at a macro level. I will revisit this bug next sprint.
Comment 4 RamaKasturi 2020-09-08 15:55:22 UTC 
Moving the bug to verified state as i see that rangeallocations.data is updated whenever a project is deleted.

4.3.0-0.nightly-2020-09-02-201249

Below are the steps followed to verify the bug:
=================================================
1) Install 4.3.z cluster
2) Create more than 10K projects and see that rangeallocations.data is updated as below

[ramakasturinarra@dhcp35-60 cucushift]$ oc get projects | wc -l
54
[ramakasturinarra@dhcp35-60 cucushift]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
15

[ramakasturinarra@dhcp35-60 ~]$ oc get projects | wc -l
9986
[ramakasturinarra@dhcp35-60 ~]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
1763

[ramakasturinarra@dhcp35-60 cucushift]$ oc get projects | wc -l
10100
[ramakasturinarra@dhcp35-60 cucushift]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
1792

[ramakasturinarra@dhcp35-60 cucushift]$ oc get projects | wc -l
10154

[ramakasturinarra@dhcp35-60 cucushift]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
1808

[ramakasturinarra@dhcp35-60 cucushift]$ oc get projects | wc -l
54
[ramakasturinarra@dhcp35-60 cucushift]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
318

[ramakasturinarra@dhcp35-60 cucushift]$ oc get projects | wc -l
54
[ramakasturinarra@dhcp35-60 cucushift]$ oc get rangeallocations scc-uid -o yaml | grep -o "/" | wc -l
15

When the projects are  deleted it came down to its original value which is 15. 

Based on the above data moving the bug to verified state.
Comment 6 errata-xmlrpc 2020-09-23 13:52:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.3.38 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3609
Note You need to log in before you can comment on or make changes to this bug.