+++ This bug was initially created as a clone of Bug #1905195 +++ +++ This bug was initially created as a clone of Bug #1905194 +++ All API servers (openshift-apiserver, oauth-server) rely on the TCP stack to detect broken network connections to KAS. This can take up to 15 minutes. During that time our platform might be unavailable. There are already reported cases in which aggregated APIs (i.e. `openshift-apiserver`) were unable to establish a new connection to the Kube API for 15 minutes: - after "ungraceful termination" https://bugzilla.redhat.com/show_bug.cgi?id=1881878 - after a network error https://bugzilla.redhat.com/show_bug.cgi?id=1879232#c39) Detecting a broken connection should be quicker ideally it should take seconds not minutes.
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.
PRs are in the merge queue waiting for the QE team to verify.
The LifecycleStale keyword was removed because the bug got commented on recently. The bug assignee was notified.
Ke Wang, when PRs/bug statuses are ready, help verify (or pre-merge verify) openshift-apiserver, oauth-openshift, and oauth-apiserver, see my steps in the 4.7 clone bug 1905194#c14 ~ c16 (you can ignore other preceding exploring comments there). It has experiences of crafting broken connection for our components. May be re-used in future other bugs.
PRs are ready and have been already tagged. PRs will be merged after https://bugzilla.redhat.com/show_bug.cgi?id=1905195 is verified.
There is only one pending PR https://github.com/openshift/openshift-apiserver/pull/164
*** Bug 1881878 has been marked as a duplicate of this bug. ***
All pending PRs have merged. Please verify openshift-apiserver and oauth-server. oauth-apiserver was added in 4.6
(In reply to Lukasz Szaszkiewicz from comment #9) Hi, Lukasz, > All pending PRs have merged. Please verify openshift-apiserver and > oauth-server. > oauth-apiserver was added in 4.6 cloud you let us know which version of 4.6 fixed this problem? We still see the problem on OCP4.6.12.
(In reply to weiguo fan from comment #10) > (In reply to Lukasz Szaszkiewicz from comment #9) > > Hi, Lukasz, > > > All pending PRs have merged. Please verify openshift-apiserver and > > oauth-server. > > oauth-apiserver was added in 4.6 > > cloud you let us know which version of 4.6 fixed this problem? > We still see the problem on OCP4.6.12. Hi, sure, it was https://bugzilla.redhat.com/show_bug.cgi?id=1905195
In summary, previous 2 comments verify openshift-apiserver, oauth-openshift, they can detect broken connections to the kube apiserver immediately, so move the bug VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Container Platform 4.5.33 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:0428