Hide Forgot
The apiserver-watcher monitors the local apiserver, and indicates the gcp-routes.sh scripts the status of the apiserver VIP, so it can install the corresponding iptables rules to REDIRECT the traffic to the local apiserver instance. On dual-stack environments, the apiserver url can resolve to multiple IPs, one per IP family. The apiserver-watcher must send to the gcp-route script each of the resolved addresses, so those can be reachable in all the IP families.
Verified that on 4.8.0-0.nightly-2021-05-10-092939, apiserver-watcher removed the vip option. $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.8.0-0.nightly-2021-05-10-092939 True False 3m20s Cluster version is 4.8.0-0.nightly-2021-05-10-092939 $ oc get nodes NAME STATUS ROLES AGE VERSION ci-ln-91ngy22-f76d1-wj6lf-master-0 Ready master 24m v1.21.0-rc.0+86f0080 ci-ln-91ngy22-f76d1-wj6lf-master-1 Ready master 24m v1.21.0-rc.0+86f0080 ci-ln-91ngy22-f76d1-wj6lf-master-2 Ready master 24m v1.21.0-rc.0+86f0080 ci-ln-91ngy22-f76d1-wj6lf-worker-b-rhgd9 Ready worker 15m v1.21.0-rc.0+86f0080 ci-ln-91ngy22-f76d1-wj6lf-worker-c-vr9n2 Ready worker 15m v1.21.0-rc.0+86f0080 ci-ln-91ngy22-f76d1-wj6lf-worker-d-46jdk Ready worker 15m v1.21.0-rc.0+86f0080 $ oc get pods -A --field-selector spec.nodeName=ci-ln-91ngy22-f76d1-wj6lf-master-0 NAMESPACE NAME READY STATUS RESTARTS AGE kube-system apiserver-watcher-ci-ln-91ngy22-f76d1-wj6lf-master-0 1/1 Running 0 24m openshift-apiserver-operator openshift-apiserver-operator-6d66766644-k4xrt 1/1 Running 3 24m openshift-apiserver apiserver-567f87547-dszb4 2/2 Running 0 17m openshift-authentication-operator authentication-operator-74874c97-vc8nd 1/1 Running 3 24m openshift-authentication oauth-openshift-5c6f5d59c6-t8kmd 1/1 Running 0 14m openshift-cloud-credential-operator cloud-credential-operator-756c9f5ff6-xzh2n 2/2 Running 0 24m openshift-cluster-csi-drivers gcp-pd-csi-driver-node-zftpz 3/3 Running 0 22m openshift-cluster-node-tuning-operator tuned-trptw 1/1 Running 0 22m openshift-cluster-version cluster-version-operator-84fbfbb6f9-77m7r 1/1 Running 0 24m openshift-console console-6b4d9557c8-5cp5h 1/1 Running 1 14m openshift-controller-manager-operator openshift-controller-manager-operator-854b9f99f6-ph8nm 1/1 Running 3 24m openshift-controller-manager controller-manager-8mxc2 1/1 Running 0 16m openshift-dns-operator dns-operator-56fd6dbf7f-msjsn 2/2 Running 0 24m openshift-dns dns-default-lfqr6 2/2 Running 0 22m openshift-dns node-resolver-psb6k 1/1 Running 0 22m openshift-etcd-operator etcd-operator-5cd777f77-q6dqc 1/1 Running 3 24m openshift-etcd etcd-ci-ln-91ngy22-f76d1-wj6lf-master-0 3/3 Running 0 13m openshift-etcd etcd-quorum-guard-5cd8fb6668-phmpn 1/1 Running 0 23m openshift-etcd installer-2-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 21m openshift-etcd installer-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 14m openshift-etcd revision-pruner-2-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 20m openshift-etcd revision-pruner-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 13m openshift-image-registry cluster-image-registry-operator-6d9cc8bbc7-wxkpf 1/1 Running 2 25m openshift-image-registry node-ca-psfkn 1/1 Running 0 17m openshift-kube-apiserver installer-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 19m openshift-kube-apiserver installer-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 5m34s openshift-kube-apiserver kube-apiserver-ci-ln-91ngy22-f76d1-wj6lf-master-0 5/5 Running 0 3m11s openshift-kube-apiserver revision-pruner-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 17m openshift-kube-apiserver revision-pruner-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 77s openshift-kube-controller-manager-operator kube-controller-manager-operator-c78448f4f-62869 1/1 Running 3 24m openshift-kube-controller-manager installer-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 21m openshift-kube-controller-manager installer-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 13m openshift-kube-controller-manager installer-7-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 10m openshift-kube-controller-manager kube-controller-manager-ci-ln-91ngy22-f76d1-wj6lf-master-0 4/4 Running 1 10m openshift-kube-controller-manager revision-pruner-3-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 20m openshift-kube-controller-manager revision-pruner-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 12m openshift-kube-controller-manager revision-pruner-7-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 10m openshift-kube-scheduler-operator openshift-kube-scheduler-operator-dd9548c46-clr9j 1/1 Running 3 24m openshift-kube-scheduler installer-4-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 20m openshift-kube-scheduler installer-5-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 13m openshift-kube-scheduler installer-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 12m openshift-kube-scheduler openshift-kube-scheduler-ci-ln-91ngy22-f76d1-wj6lf-master-0 3/3 Running 1 12m openshift-kube-scheduler revision-pruner-4-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 17m openshift-kube-scheduler revision-pruner-6-ci-ln-91ngy22-f76d1-wj6lf-master-0 0/1 Completed 0 11m openshift-kube-storage-version-migrator-operator kube-storage-version-migrator-operator-86b454d77f-ztsnv 1/1 Running 3 24m openshift-machine-api cluster-autoscaler-operator-6545c86784-pq4kf 2/2 Running 0 25m openshift-machine-config-operator machine-config-daemon-7zxpk 2/2 Running 0 23m openshift-machine-config-operator machine-config-server-s7zf8 1/1 Running 0 22m openshift-marketplace marketplace-operator-656f9b8854-4p2rf 1/1 Running 0 24m openshift-monitoring node-exporter-9822n 2/2 Running 0 23m openshift-monitoring prometheus-operator-6bd8fbd7f4-5jtsr 2/2 Running 0 14m openshift-multus multus-admission-controller-gw2df 2/2 Running 0 23m openshift-multus multus-fzmzz 1/1 Running 0 24m openshift-multus network-metrics-daemon-m7v95 2/2 Running 0 24m openshift-network-diagnostics network-check-target-fxscr 1/1 Running 0 23m openshift-oauth-apiserver apiserver-5c4cb7cf5c-6dhxl 1/1 Running 0 21m openshift-operator-lifecycle-manager packageserver-848fcb757-575cw 1/1 Running 0 22m openshift-sdn sdn-controller-8z96b 1/1 Running 1 23m openshift-sdn sdn-nmwxx 2/2 Running 0 23m openshift-service-ca-operator service-ca-operator-7d9fbf7bc5-ct7fc 1/1 Running 3 24m $ oc -n openshift-machine-config-operator rsh machine-config-server-s7zf8 sh-4.4# apiserver-watcher --help Monitors the local apiserver and writes cloud-routes downfiles Usage: apisever-watcher [command] Available Commands: help Help about any command run Runs the apiserver-watcher version Print the version number of GCP Routes Controller Flags: --alsologtostderr log to standard error as well as files -h, --help help for apisever-watcher --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log_dir string If non-empty, write log files in this directory --logtostderr log to standard error instead of files --stderrthreshold severity logs at or above this threshold go to stderr (default 2) -v, --v Level log level for V logs --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging Use "apisever-watcher [command] --help" for more information about a command. sh-4.4# apiserver-watcher run --help Runs the apiserver-watcher Usage: apisever-watcher run [flags] Flags: --health-check-url string HTTP(s) URL for the health check. The hostname is also used to determine the virtual IPs -h, --help help for run --root-mount string where the nodes root filesystem is mounted for writing down files or chrooting. (default "/rootfs") Global Flags: --alsologtostderr log to standard error as well as files --log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0) --log_dir string If non-empty, write log files in this directory --logtostderr log to standard error instead of files --stderrthreshold severity logs at or above this threshold go to stderr (default 2) -v, --v Level log level for V logs --vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging sh-4.4# exit exit
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438