Bug 1961644
| Summary: | NodeAuthenticator tests are failing in IPv6 | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Arda Guclu <aguclu> |
| Component: | apiserver-auth | Assignee: | Ryan Phillips <rphillips> |
| Status: | CLOSED ERRATA | QA Contact: | liyao |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 4.8 | CC: | aos-bugs, mfojtik, skuznets, surbania, xxia |
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:08:55 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Upstream fix is https://github.com/kubernetes/kubernetes/pull/102089 PR is attached (lgtm)... Moving over to the auth team to review/approve the upstream patch and backport in. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438 |
Description of problem: [sig-auth] [Feature:NodeAuthenticator] The kubelet can delegate ServiceAccount tokens to the API server [sig-auth] [Feature:NodeAuthenticator] The kubelet's main port 10250 should reject requests with no credentials tests are failing in IPv6. Version-Release number of selected component (if applicable): 4.8+ How reproducible: Run e2e-metal-ipi-ovn-ipv6 by enabling these 2 tests. Actual results: Tests are getting error; Err: { s: "error running /usr/local/bin/kubectl --server=https://api.ostest.test.metalkube.org:6443 --kubeconfig=ocp/ostest/auth/kubeconfig --namespace=e2e-node-authn-205 exec agnhost-pod -- /bin/sh -x -c curl -sIk -o /dev/null -w '%{http_code}' --header \"Authorization: Bearer `cat /var/run/secrets/kubernetes.io/serviceaccount/token`\" https://fd2e:6f44:5dd8:c956::14:10250/metrics:\nCommand stdout:\n000\nstderr:\n+ cat /var/run/secrets/kubernetes.io/serviceaccount/token\n+ curl -sIk -o /dev/null -w '%{http_code}' --header 'Authorization: Bearer XXXXXXXX https://fd2e:6f44:5dd8:c956::14:10250/metrics\ncommand terminated with exit code 3\n\nerror:\nexit status 3", }, Code: 3, } Expected results: Tests are passing in IPv6 configuration. Additional info: This is a bug in upstream.