Bug 2029504 - kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encryption-config" on single node clusters
Summary: kube-apiserver audit logs show a lot of 404 errors for DELETE "*/secrets/encr...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: openshift-apiserver
Version: 4.9
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.9.z
Assignee: Damien Grisonnet
QA Contact: Rahul Gangwar
Whiteboard: LifecycleReset
Depends On: 1982726
TreeView+ depends on / blocked
Reported: 2021-12-06 16:36 UTC by Damien Grisonnet
Modified: 2022-02-10 06:33 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1982726
Last Closed: 2022-02-10 06:33:21 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift cluster-authentication-operator pull 535 0 None Merged Bug 2037274: starter.go: add invalidCertsController 2022-01-28 14:21:10 UTC
Github openshift cluster-kube-apiserver-operator pull 1268 0 None open [release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally 2021-12-07 08:39:48 UTC
Github openshift cluster-openshift-apiserver-operator pull 487 0 None open [release-4.9] Bug 2029504: encryption-controller: sync secrets conditionally 2021-12-06 16:56:54 UTC
Red Hat Product Errata RHBA-2022:0340 0 None None None 2022-02-10 06:33:38 UTC

Comment 4 Rahul Gangwar 2022-01-31 06:06:57 UTC
 oc get clusterversion
NAME      VERSION                             AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.nightly-2022-01-28-192738   True        False         14m     Cluster version is 4.9.0-0.nightly-2022-01-28-192738

oc get node
NAME                                                    STATUS   ROLES           AGE   VERSION
rgangwar-31de8-mlsmr-master-0.c.openshift-qe.internal   Ready    master,worker   27m   v1.22.3+2cb6068
rahulgangwar@rgangwar-mac openshift-tests-private % oc debug node/rgangwar-31de8-mlsmr-master-0.c.openshift-qe.internal
Starting pod/rgangwar-31de8-mlsmr-master-0copenshift-qeinternal-debug ...
To use host binaries, run `chroot /host`
Pod IP:
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# cd /var/log/kube-apiserver
sh-4.4# sudo cat *audit-*.log | jq 'select(.responseStatus.code >= 400) | select(.requestURI | test("encryption"))'|wc -l 
sh-4.4# sudo cat *audit-*.log | jq 'select(.responseStatus.code >= 400) | select(.requestURI | test("encryption"))'>enc  
sh-4.4# grep '"code": 404' enc | wc -l

Got less 404 errors than before, based this result, move the bug VERIFIED.

Comment 7 errata-xmlrpc 2022-02-10 06:33:21 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.19 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.