1880341 – [release 4.5] cluster-network-operator: Fix bug in reflector not recovering from "Too large resource version"

Bug 1880341 - [release 4.5] cluster-network-operator: Fix bug in reflector not recovering from "Too large resource version"

Summary: [release 4.5] cluster-network-operator: Fix bug in reflector not recovering ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	4.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	4.5.z
Assignee:	Jacob Tanenbaum
QA Contact:	zhaozhanqi
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1892596 (view as bug list)
Depends On:	1880369 1882071
Blocks:	1879901
TreeView+	depends on / blocked

Reported:	2020-09-18 10:19 UTC by Lukasz Szaszkiewicz
Modified:	2024-06-13 23:06 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1882071 (view as bug list)
Environment:
Last Closed:	2020-12-01 10:48:48 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	openshift sdn pull 215	None	closed	[release-4.5] UPSTREAM<carry>: Bug 1880341: Fix bug in reflector not recovering from "Too large resource version"	2021-02-11 01:22:00 UTC
Red Hat Knowledge Base (Solution)	5526171	None	None	None	2020-10-28 20:33:18 UTC
Red Hat Product Errata	RHSA-2020:5194	None	None	None	2020-12-01 10:49:34 UTC

Description Lukasz Szaszkiewicz 2020-09-18 10:19:18 UTC

A recent fix in the reflector/informer https://github.com/kubernetes/kubernetes/pull/92688 prevents components/operators from entering a hotloop and stuck.

There are already reported cases that have run into that issue and were stuck for hours or even days. For example https://bugzilla.redhat.com/show_bug.cgi?id=1877346.

The root cause of the issue is the fact that a watch cache is initialized from the global revision (etcd) and might stay on it for an undefined period (if no changes were (add, modify) made).
That means that the watch cache across server instances may be out of sync.
That might lead to a situation in which a client gets a resource version from a server that has observed a newer rv, disconnect (due to a network error) from it, and reconnect to a server that is behind, resulting in “Too large resource version“ errors.

More details in https://github.com/kubernetes/kubernetes/issues/91073 and https://github.com/kubernetes/enhancements/tree/master/keps/sig-api-machinery/1904-efficient-watch-resumption

It looks like the issue only affects 1.18. According to https://github.com/kubernetes/kubernetes/issues/91073#issuecomment-652251669 the issue was first introduced in that version by changes done to the reflector.
The fix is already present in 1.19.

Please make sure that cluster-network-operator and its operands are using a client-go that includes https://github.com/kubernetes/kubernetes/pull/92688 if not please use this BZ and file a PR.
In case you are using a framework to build your operator make sure it uses the right version of the client-go library.

Comment 2 Ben Bennett 2020-09-21 13:36:19 UTC

This does not affect kube 1.19 so is not a problem in 4.6.

Comment 3 Ben Bennett 2020-09-21 13:38:48 UTC

Reopening since there is already a master version and Lukasz already linked to it.

Comment 4 Lukasz Szaszkiewicz 2020-09-23 18:24:31 UTC

(In reply to Ben Bennett from comment #2)
> This does not affect kube 1.19 so is not a problem in 4.6.

OpenShift in 4.6 can send a msg that the informers must understand and react.
We need to make sure that operators in 4.6 are at least on 1.18.6 as well.

Comment 7 Jacob Tanenbaum 2020-11-03 14:25:53 UTC

*** Bug 1892596 has been marked as a duplicate of this bug. ***

Comment 10 zhaozhanqi 2020-11-24 11:44:17 UTC

Verified this bug on 4.5.0-0.nightly-2020-11-22-160319

oc logs -n openshift-sdn sdn-controller-ktpsc | grep -i "too large"
$

Comment 12 errata-xmlrpc 2020-12-01 10:48:48 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.5.21 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5194

Comment 13 Red Hat Bugzilla 2023-09-15 00:48:22 UTC

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days

Note You need to log in before you can comment on or make changes to this bug.