Bug 1876166 - need to be able to disable kube-apiserver connectivity checks
Summary: need to be able to disable kube-apiserver connectivity checks
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.0
Assignee: Luis Sanchez
QA Contact: Ke Wang
URL:
Whiteboard:
Depends On:
Blocks: 1887634 1887718
TreeView+ depends on / blocked
 
Reported: 2020-09-06 00:22 UTC by Luis Sanchez
Modified: 2021-02-24 15:17 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 1876167 1887634 (view as bug list)
Environment:
Last Closed: 2021-02-24 15:17:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-apiserver-operator pull 943 0 None closed Bug 1876166: disable kube-apiserver connectivity checks 2021-01-22 03:20:52 UTC
Github openshift cluster-kube-apiserver-operator pull 964 0 None closed Bug 1876166: add ability to disable kube-apiserver connectivity checks 2021-01-22 03:21:33 UTC
Github openshift cluster-kube-apiserver-operator pull 978 0 None closed Bug 1876166: need to be able to disable kube-apiserver connectivity checks 2021-01-22 03:20:52 UTC
Github openshift cluster-openshift-apiserver-operator pull 402 0 None closed Bug 1876166: need to be able to disable kube-apiserver connectivity checks 2021-01-22 03:21:34 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:17:46 UTC

Description Luis Sanchez 2020-09-06 00:22:52 UTC
Description of problem:

kube-apiserver pod performs connectivity checks to report on network outages. Sometimes when debugging certain types of issues, the activity from the connectivity checks results in too much data, making it more difficult to pinpoint the root cause. We need to be able to temporarily disable the connectivity checks.

Comment 3 Ke Wang 2020-10-10 08:10:19 UTC
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.6.0-0.nightly-2020-10-09-224055   True        False         5h59m   Cluster version is 4.6.0-0.nightly-2020-10-09-224055

Updated the KubeAPIServer as following, 
$ oc edit kubeapiserver cluster
spec:
  unsupportedConfigOverrides:
    operator:
      enableConnectivityCheckController: "True"

After that, the kube-apiserver ran into CrashLoopBackOff,
$ oc get pods -n openshift-kube-apiserver --show-labels | grep kube-apiserver
kube-apiserver-kewang1061-tnbbj-master-0.c.openshift-qe.internal      4/5     CrashLoopBackOff   8          5h59m   apiserver=true,app=openshift-kube-apiserver,revision=6
kube-apiserver-kewang1061-tnbbj-master-1.c.openshift-qe.internal      4/5     CrashLoopBackOff   8          6h3m    apiserver=true,app=openshift-kube-apiserver,revision=6
kube-apiserver-kewang1061-tnbbj-master-2.c.openshift-qe.internal      4/5     Running            8          6h2m    apiserver=true,app=openshift-kube-apiserver,revision=6

The fix doesn't work, so assign back.

Comment 10 errata-xmlrpc 2021-02-24 15:17:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.