Bug 1954544 - authn operator: endpoints controller should use the context it creates
Summary: authn operator: endpoints controller should use the context it creates
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: apiserver-auth
Version: 4.8
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: 4.8.0
Assignee: Standa Laznicka
QA Contact: pmali
URL:
Whiteboard:
Depends On:
Blocks: 1941840
TreeView+ depends on / blocked
 
Reported: 2021-04-28 11:13 UTC by Standa Laznicka
Modified: 2021-11-29 14:22 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The authenticatication operator might start consuming a lot of memory when HTTP proxying is configured. Consequence: Scheduler might fail to schedule control plane pods. Fix: A memory leak was identified and fixed. Result: The authentication operator should now consume a reasonable amount of memory even in clusters with an HTTP proxy configured.
Clone Of:
Environment:
Last Closed: 2021-07-27 23:04:13 UTC
Target Upstream Version:
Embargoed:
pmali: needinfo-


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift cluster-authentication-operator pull 441 0 None open Bug 1954544: endpoints controller: actually use the context-constrained request 2021-04-28 11:17:52 UTC
Red Hat Knowledge Base (Solution) 6018601 0 None None None 2021-05-05 07:22:52 UTC
Red Hat Product Errata RHSA-2021:2438 0 None None None 2021-07-27 23:04:37 UTC

Description Standa Laznicka 2021-04-28 11:13:54 UTC
Description of problem:
This is a cover for https://bugzilla.redhat.com/show_bug.cgi?id=1941840 to make the process happy.

I'm going to include a minor fix to the authentication operator, the fix is quite irrelevant to the function of the cluster but since we're fixing that in 4.7, it might be nice to have that fixed in 4.8, too.

There is no need to test this.

Comment 1 Standa Laznicka 2021-04-29 08:37:53 UTC
Update: THIS NEEDS TO BE TESTED

Further investigation of the 4.7 issue made it apparent that the actual problem was when the HTTP proxying was configured. In such a case, the authentication-operator would start eating about 350-500MB additional memory an hour. This cannot happen and the linked PR should fix that behavior.

Comment 8 Nitish Kaushik 2021-05-19 11:28:46 UTC
Hi,

Do we have Any updates on fixing this bug in 4.7 ? If require, i will be raising a duplicate BZ for 4.7. 

Please let me know if it can be covered within same bug or shall i open a new one?

Regards,
Nitish Kaushik

Comment 10 Standa Laznicka 2021-05-25 07:44:45 UTC
You'll want to watch the errata for the 4.7 BZ for that - https://bugzilla.redhat.com/show_bug.cgi?id=1941840.

Comment 13 errata-xmlrpc 2021-07-27 23:04:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438


Note You need to log in before you can comment on or make changes to this bug.