Bug 1936030 - Ingress operator performs spurious updates in response to API's defaulting of NodePort service's clusterIPs field
Summary: Ingress operator performs spurious updates in response to API's defaulting of...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 4.8
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.8.0
Assignee: Miciah Dashiel Butler Masters
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks: 1937214
TreeView+ depends on / blocked
 
Reported: 2021-03-06 01:10 UTC by Miciah Dashiel Butler Masters
Modified: 2022-08-04 22:32 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-07-27 22:51:38 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-ingress-operator pull 567 0 None open Bug 1936030: Fix spurious reconciliation of NodePort services 2021-03-06 01:15:50 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 22:52:05 UTC

Description Miciah Dashiel Butler Masters 2021-03-06 01:10:13 UTC 
Description of problem:

When the ingress operator reconciles an ingresscontroller that has the "NodePortService" endpoint publishing strategy type, the operator gets the ingresscontroller's nodeport service (if one exists) from the API to determine whether the operator needs to create or update the service.  If the service does not exist, the operator creates it, and if the service does exist, the operator compares it with what the operator expects to get in order to determine whether an update is needed for that service.  In this comparison, if the API has set a value for the service's clusterIPs field, the operator detects the update and tries to set the clusterIPs field back to the empty value.  The operator should not update the service in response to API defaulting.


Version-Release number of selected component (if applicable):

The clusterIPs field is new in Kubernetes 1.20 (OpenShift 4.7).


Steps to Reproduce:

1. Launch a new cluster.

2. Create an ingresscontroller with the "NodePortService" endpoint publishing strategy:

    oc create -f - <<'EOF'
    apiVersion: operator.openshift.io/v1
    kind: IngressController
    metadata:
      name: nodeport
      namespace: openshift-ingress-operator
    spec:
      replicas: 1
      domain: example.com
      endpointPublishingStrategy:
        type: NodePortService
    EOF

3. Check the ingress operator's logs:

    oc -n openshift-ingress-operator logs deploy/ingress-operator -c ingress-operator


Actual results:

The ingress operator's logs have "updated NodePort service" repeated several times.


Expected results:

The ingress operator should ignore the clusterIPs field's value and should not log "updated NodePort service" unless the service is updated outside of API defaulting.
Comment 2 Hongan Li 2021-03-16 08:54:32 UTC 
verified with 4.8.0-0.nightly-2021-03-15-203554 and passed.

just saw one "created NodePort service" message in the log.

$ oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.8.0-0.nightly-2021-03-15-203554   True        False         7h2m    Cluster version is 4.8.0-0.nightly-2021-03-15-203554

$ oc -n openshift-ingress-operator logs deploy/ingress-operator -c ingress-operator | grep NodePort
2021-03-16T08:41:55.831Z	INFO	operator.ingress_controller	ingress/controller.go:677	created NodePort service{"service": "&Service{ObjectMeta:{router-nodeport-nodeport  openshift-ingress  6b76bca0-092e-4629-bb92-f4f4e276f18a 229482 0 2021-03-16 08:41:55 +0000 UTC <nil> <nil> map
Comment 5 errata-xmlrpc 2021-07-27 22:51:38 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438
Note You need to log in before you can comment on or make changes to this bug.