Bug 1880314 - [release 4.5] cluster-image-registry-operator: Fix bug in reflector not recovering from "Too large resource version"
Summary: [release 4.5] cluster-image-registry-operator: Fix bug in reflector not recov...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image Registry
Version: 4.5
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.5.z
Assignee: Oleg Bulatov
QA Contact: Wenjing Zheng
URL:
Whiteboard:
Depends On: 1880354
Blocks: 1879901
TreeView+ depends on / blocked
 
Reported: 2020-09-18 09:43 UTC by Lukasz Szaszkiewicz
Modified: 2020-10-19 14:54 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: the operator does not handle "Too large resource version" properly Consequence: when this error happens, the operator stops getting events from the cluster Fix: bump client-go Result: the operator can recover from this error
Clone Of:
: 1880354 (view as bug list)
Environment:
Last Closed: 2020-10-19 14:54:26 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-image-registry-operator pull 616 0 None closed Bug 1880314: Fix bug in reflector not recovering from "Too large resource version" 2020-12-04 12:00:55 UTC
Red Hat Product Errata RHBA-2020:4228 0 None None None 2020-10-19 14:54:48 UTC

Description Lukasz Szaszkiewicz 2020-09-18 09:43:03 UTC
A recent fix in the reflector/informer https://github.com/kubernetes/kubernetes/pull/92688 prevents components/operators from entering a hotloop and stuck.

There are already reported cases that have run into that issue and were stuck for hours or even days. For example https://bugzilla.redhat.com/show_bug.cgi?id=1877346.

The root cause of the issue is the fact that a watch cache is initialized from the global revision (etcd) and might stay on it for an undefined period (if no changes were (add, modify) made). 
That means that the watch cache across server instances may be out of sync. 
That might lead to a situation in which a client gets a resource version from a server that has observed a newer rv, disconnect (due to a network error) from it, and reconnect to a server that is behind, resulting in “Too large resource version“ errors.

More details in https://github.com/kubernetes/kubernetes/issues/91073 and https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1904-efficient-watch-resumption


It looks like the issue only affects 1.18. According to https://github.com/kubernetes/kubernetes/issues/91073#issuecomment-652251669 the issue was first introduced in that version by changes done to the reflector. 
The fix is already present in 1.19.


Please make sure that cluster-image-registry-operator is using a client-go that includes https://github.com/kubernetes/kubernetes/pull/92688 if not please use this BZ and file a PR.
In case you are using a framework to build your operator make sure it uses the right version of the client-go library.

Comment 4 Wenjing Zheng 2020-10-13 08:24:05 UTC
The version is changed as below: https://github.com/openshift/cluster-image-registry-operator/blob/release-4.5/go.mod#L64

$ oc image info quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:568acd89245aec8d2387a5b3a740ecaa9ba9f1709b8618dc443a17ffc005f322 | grep -i commit
             OS_GIT_COMMIT=4232d17
             SOURCE_GIT_COMMIT=4232d17a0612d90db35898fb10247417d8cc248d
             io.openshift.build.commit.id=4232d17a0612d90db35898fb10247417d8cc248d
             io.openshift.build.commit.url=https://github.com/openshift/cluster-image-registry-operator/commit/4232d17a0612d90db35898fb10247417d8cc248d

Verified on above commit.

Comment 6 errata-xmlrpc 2020-10-19 14:54:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.15 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:4228


Note You need to log in before you can comment on or make changes to this bug.