Over the past months, we have been involved in many escalations showing that a misconfigured load balancer can cause significant outages. One quick way of ruling out a malfunctioning LB is to switch the affected components to communicate with the Kube API over localhost. We are going to use this BZ to merge a few PRs for KCM and KS to allow that. Once they merge, support engineers will have an easy way of enforcing localhost communication.
Check for the KCM:

[root@localhost ~]# oc get kubecontrollermanager cluster -o yaml
apiVersion: operator.openshift.io/v1
kind: KubeControllerManager
...
spec:
  logLevel: TraceAll
  ...
  unsupportedConfigOverrides:
    extendedArguments:
      master:
      - https://api-int.yinzhou601.qe.devcluster.openshift.com:1234
      unsupported-kube-api-over-localhost:
      - "true"

When set with an invalid API URL, KCM still works well.

Check for the KS:

[root@localhost ~]# oc get kubescheduler cluster -o yaml
apiVersion: operator.openshift.io/v1
kind: KubeScheduler
...
spec:
  logLevel: TraceAll
  ...
  unsupportedConfigOverrides:
    arguments:
      master:
      - https://api-int.yinzhou601.qe.devcluster.openshift.com:1234/
      unsupported-kube-api-over-localhost:
      - "true"

When set with an invalid API URL, KS still works well.
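For reference, a minimal sketch of how a support engineer could apply the override shown in the verification output above to a live cluster. The patch payload mirrors the `unsupportedConfigOverrides` keys from this bug; the actual `oc patch` invocation is shown commented out, since it requires a cluster and cluster-admin credentials.

```shell
# Build the merge patch enforcing localhost communication for KCM.
# Key names ("extendedArguments", "unsupported-kube-api-over-localhost")
# are taken from the verification output in this bug.
PATCH='{"spec":{"unsupportedConfigOverrides":{"extendedArguments":{"unsupported-kube-api-over-localhost":["true"]}}}}'
echo "$PATCH"

# Apply against a live cluster (requires cluster-admin):
#   oc patch kubecontrollermanager cluster --type=merge -p "$PATCH"
# For KS, the override section is named "arguments" instead:
#   oc patch kubescheduler cluster --type=merge -p \
#     '{"spec":{"unsupportedConfigOverrides":{"arguments":{"unsupported-kube-api-over-localhost":["true"]}}}}'
```

Note this is an unsupported override, intended as a diagnostic step to rule out the LB, not as a permanent configuration.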
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438