Bug 1879019 - Kube Scheduler communicates with a Kube API via a localhost
Summary: Kube Scheduler communicates with a Kube API via a localhost
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-scheduler
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.6.0
Assignee: Tomáš Nožička
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks: 1863011 1887354
TreeView+ depends on / blocked
 
Reported: 2020-09-15 08:40 UTC by Lukasz Szaszkiewicz
Modified: 2020-10-27 16:41 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-10-27 16:40:46 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-kube-scheduler-operator pull 280 0 None closed Bug 1879019: Explicitly use internal LB for KS 2021-02-18 11:22:44 UTC
Red Hat Product Errata RHBA-2020:4196 0 None None None 2020-10-27 16:41:07 UTC

Description Lukasz Szaszkiewicz 2020-09-15 08:40:30 UTC
[1] shows that KS wasn't able to run because it failed looking up in-cluster configuration due to insufficient permissions (configmaps "extension-apiserver-authentication" is forbidden: User "system:kube-scheduler" cannot get resource "configmaps" in API group "" in the namespace "kube-system")


the audit logs revealed it communicated "10-0-176-71" which wasn't fully running at that time 03:59:06. There is a high chance that the request was rejected because the RBAC controller wasn't fully synchronised.


[1] - https://storage.googleapis.com/origin-ci-test/logs/release-openshift-origin-installer-e2e-aws-upgrade/1305692415100719104/artifacts/e2e-aws-upgrade/pods/openshift-kube-scheduler_openshift-kube-scheduler-ip-10-0-176-71.ec2.internal_kube-scheduler.log

[2] - https://prow.ci.openshift.org/view/gs/origin-ci-test/logs/release-openshift-origin-installer-e2e-aws-upgrade/1305692415100719104

Comment 6 errata-xmlrpc 2020-10-27 16:40:46 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4196


Note You need to log in before you can comment on or make changes to this bug.