Bug 1868257 - [4.5] Handling of Ingress operator expired token (backport)
Summary: [4.5] Handling of Ingress operator expired token (backport)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Routing
Version: 4.5
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ---
: 4.5.z
Assignee: Miciah Dashiel Butler Masters
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On: 1854383
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-08-12 06:59 UTC by Felipe M
Modified: 2020-09-21 17:42 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-09-21 17:42:05 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 443 None closed [release-4.5] Bug 1868257: dns: Reread cloud credentials secret if it changes 2020-09-21 06:48:22 UTC
Red Hat Bugzilla 1854383 None None None 2020-08-12 06:59:34 UTC
Red Hat Product Errata RHBA-2020:3719 None None None 2020-09-21 17:42:21 UTC

Description Felipe M 2020-08-12 06:59:35 UTC
Backport from https://bugzilla.redhat.com/show_bug.cgi?id=1854383

---

Original description:

Description of problem:
The ingress operator fails to ensure a DNSRecord due to errors refreshing the token, restarting the operator fixes the issue.

Version-Release number of selected component (if applicable):
4.4

How reproducible:
Start the Ingress Operator with a valid token.
Expire/Revoke that token manually or edit the secret to make it fail refreshing.
Operator should get in degraded status and DNSRecord should fail updating.

Steps to Reproduce:
--

Actual results:
Ingress operator move to degraded state, and start retrying the calls.

Expected results:
1) After n subsequent retries, ingress operator requests a new credential token from the cloud credential operator
2) Operator handlers an authentication error over other errors and request a new credential or restarts itself logging the error.

Additional info:
I will try to get as much information from the client as possible.

Workaround:
Restarting the operator

Comment 4 Miciah Dashiel Butler Masters 2020-08-21 05:08:38 UTC
We'll look into doing the backport this upcoming sprint.

Comment 6 Andrew McDermott 2020-09-10 11:58:35 UTC
Iā€™m adding UpcomingSprint, because I was occupied by fixing bugs with
higher priority/severity, developing new features with higher
priority, or developing new features to improve stability at a macro
level. I will revisit this bug next sprint.

Comment 7 Miciah Dashiel Butler Masters 2020-09-11 19:27:51 UTC
The backport is merged but still needs to be verified.

Comment 10 Hongan Li 2020-09-15 03:08:10 UTC
verified with 4.5.0-0.nightly-2020-09-11-211229 and passed.

Comment 12 errata-xmlrpc 2020-09-21 17:42:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3719


Note You need to log in before you can comment on or make changes to this bug.