Bug 1888663 - sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
Summary: sdn starts after kube-apiserver, delay readyz until oauth-apiserver is reachable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: kube-apiserver
Version: 4.6
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: 4.7.0
Assignee: David Eads
QA Contact: Ke Wang
URL:
Whiteboard:
Depends On:
Blocks: 1888741
TreeView+ depends on / blocked
 
Reported: 2020-10-15 13:07 UTC by David Eads
Modified: 2021-02-24 15:26 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-02-24 15:26:15 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift kubernetes pull 403 0 None closed bug 1888663: wait for oauth-apiserver accessibility 2021-01-11 03:03:30 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:26:32 UTC

Description David Eads 2020-10-15 13:07:02 UTC
This will improve disruption metrics against oauth-apis.

Comment 2 Ke Wang 2020-10-30 03:48:34 UTC
Refer to the PR change, if any apiserver is reached, will log following message,  openshift-oauth-apiserver is the newly added, that means its name will appear in the log.
    ...
        case <-reachedAggregatedAPIServer:
		end := time.Now()
		klog.Infof("reached %s via SDN after %v milliseconds", c.namespace, end.Sub(start).Milliseconds())
		return
	}

Verification steps:
$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.7.0-0.nightly-2020-10-27-051128   True        False         3h16m   Cluster version is 4.7.0-0.nightly-2020-10-27-051128

$ oc debug node/<master>
sh-4.4# cd /var/log/pods

sh-4.4# grep -nr 'reached.*via SDN after.*milliseconds' openshift-* 
openshift-kube-apiserver_kube-apiserver-ip-10-0-156-84.us-east-2.compute.internal_d84d633fd46024814dae5bf118e3dae8/kube-apiserver/0.log:691:2020-10-30T00:22:14.946911601+00:00 stderr F I1030 00:22:14.946819      18 sdn_readyz_wait.go:143] reached openshift-apiserver via SDN after 142 milliseconds
openshift-kube-apiserver_kube-apiserver-ip-10-0-156-84.us-east-2.compute.internal_d84d633fd46024814dae5bf118e3dae8/kube-apiserver/0.log:692:2020-10-30T00:22:14.962316689+00:00 stderr F I1030 00:22:14.962251      18 sdn_readyz_wait.go:143] reached openshift-oauth-apiserver via SDN after 157 milliseconds
openshift-kube-apiserver_kube-apiserver-ip-10-0-156-84.us-east-2.compute.internal_d84d633fd46024814dae5bf118e3dae8/kube-apiserver/0.log:6822:2020-10-30T00:41:04.689130636+00:00 stderr F I1030 00:41:04.689050      19 sdn_readyz_wait.go:143] reached openshift-oauth-apiserver via SDN after 104 milliseconds
openshift-kube-apiserver_kube-apiserver-ip-10-0-156-84.us-east-2.compute.internal_d84d633fd46024814dae5bf118e3dae8/kube-apiserver/0.log:6826:2020-10-30T00:41:04.698068644+00:00 stderr F I1030 00:41:04.697679      19 sdn_readyz_wait.go:143] reached openshift-apiserver via SDN after 112 milliseconds

We can find the above messages includes words 'reached openshift-oauth-apiserver via SDN after', they are we wanted, we couldn't see that in the OCP 4.6 release, so the fix worked well, move the bug VERIFIED.

Comment 5 errata-xmlrpc 2021-02-24 15:26:15 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633


Note You need to log in before you can comment on or make changes to this bug.