1969626 – Portfoward stream cleanup can cause kubelet to panic

Bug 1969626 - Portfoward stream cleanup can cause kubelet to panic

Summary: Portfoward stream cleanup can cause kubelet to panic

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node
Sub Component:
Version:	4.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	---
Target Release:	4.8.0
Assignee:	Elana Hashman
QA Contact:	Sunil Choudhary
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-06-08 18:47 UTC by Elana Hashman
Modified:	2021-07-27 23:12 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-07-27 23:12:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	kubernetes kubernetes issues 102480	None	closed	kubelet: Panic on portforward streams	2021-06-08 18:47:53 UTC
Github	openshift kubernetes pull 796	None	open	Bug 1969626: UPSTREAM: 102587: kubelet: Revert "Cleanup portforward streams after their usage"	2021-06-08 18:51:25 UTC
Red Hat Product Errata	RHSA-2021:2438	None	None	None	2021-07-27 23:12:29 UTC

Description Elana Hashman 2021-06-08 18:47:20 UTC

Description of problem: See https://github.com/kubernetes/kubernetes/issues/102480

Backport patch https://github.com/kubernetes/kubernetes/commit/b14bd44f33d93e1ee64c1d68fa7591d79eac5893 from 1.21.1 needs to be reverted (i.e. take https://github.com/kubernetes/kubernetes/pull/102587)


Version-Release number of selected component (if applicable): OpenShift 4.8 as of 1.21.1 rebase


How reproducible:

Not reproducible in OpenShift because CRI-O does not vendor Kubernetes 1.21.1 yet: https://github.com/cri-o/cri-o/blob/478f49d4f5e005226ac7460edcb2ed21d804960f/go.mod#L99

Believe this only affects dockershim currently.

Containerd also has not yet updated code to the affected version: https://github.com/containerd/containerd/blob/261c107ffc4ff681bc73988f64e3f60c32233b37/pkg/cri/streaming/portforward/httpstream.go#L171

We want to back this out ASAP just to be safe.


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Elana Hashman 2021-06-08 19:29:33 UTC

Note: OpenShift 4.7 and 4.6 are not affected, did not take the backports.

Comment 2 Elana Hashman 2021-06-08 19:30:43 UTC

Not a release blocker because as far as we know there's no impact on OpenShift/CRI-O. This is a proactive backport of the upstream fix/revert before 4.8 freeze.

Comment 7 errata-xmlrpc 2021-07-27 23:12:15 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:2438

Note You need to log in before you can comment on or make changes to this bug.