The quota controllers act on resources retrieved from the discovery endpoint which might contain only a fraction of all resources due to a network error. Both controllers should periodically resync when new resources are observed from the discovery. Additionally, the CRQ should always ensure the current set of monitors are running. The CRQ should not block when new resources are observed (deadlock).
Reproduce with payload: 4.7.0-0.nightly-2020-12-03-083300 follow the steps here: 1) Scale down the CVO to replicas==0; 2) turn off openshift-apiserver; 3) change kubecontrollermanagers cluster to restart KCMs; 4) turn on openshift-apiserver; 5) create test project and create imagestream; 6) create quota about imagestream: `oc create quota test1 --hard=openshift.io/imagestreams=10` 7) create and delete the imagestream resource , could reproduce the issue, the quota only increase, can't decrease .
Confirmed with latest payload , can't reproduce the issue now: [root@dhcp-140-138 ~]# oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.7.0-0.nightly-2020-12-09-112139 True False 53m Cluster version is 4.7.0-0.nightly-2020-12-09-112139 Follow steps: 1) Scale down the CVO to replicas==0; 2) Chang the openshiftapiservers to Unmanaged status; 3) Scale down the openshift apiserver to 0, to turn off the openshift-apiserver; 4) restart all KCMs; 5) Turn on the openshift-apiserver; 6)Create test project and imagestream resource and quota about imagestream: 7) Delete all the imagestream, check the quota : [root@dhcp-140-138 ~]# oc get is NAME IMAGE REPOSITORY TAGS UPDATED httpd-example image-registry.openshift-image-registry.svc:5000/zhouy/httpd-example rails-postgresql-example image-registry.openshift-image-registry.svc:5000/zhouy/rails-postgresql-example [root@dhcp-140-138 ~]# oc describe quota Name: test1 Namespace: zhouy Resource Used Hard -------- ---- ---- openshift.io/imagestreams 2 10 [root@dhcp-140-138 ~]# oc delete all --all [root@dhcp-140-138 ~]# oc get is No resources found in zhouy namespace. [root@dhcp-140-138 ~]# oc describe quota Name: test1 Namespace: zhouy Resource Used Hard -------- ---- ---- openshift.io/imagestreams 0 10
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633