Bug 2083119 - streamingConnectionIdleTimeout kubelet parameter set to 0
Summary: streamingConnectionIdleTimeout kubelet parameter set to 0
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 4.10
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Sai Ramesh Vanka
QA Contact: Sunil Choudhary
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-05-09 10:42 UTC by Divyam Pateriya
Modified: 2022-05-16 09:20 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-13 09:59:17 UTC
Target Upstream Version:
Embargoed:
svanka: needinfo-

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 6958348 0 None None None 2022-05-16 09:20:31 UTC

Description Divyam Pateriya 2022-05-09 10:42:20 UTC 
Description of problem:
streamingConnectionIdleTimeout kubelet parameter is set to 0 while creating a KubeletConfig object for allocating resources for nodes


Version-Release number of selected component (if applicable):
4.10

How reproducible:
100%

Steps to Reproduce:

1. Create an OCP cluster on any platform once ready debug the node and check if the streamingConnectionIdleTimeout is set.

# oc debug node/node1.example.com
Starting pod/node1-examplecom-debug...
To use host binaries, run `chroot /host`
Pod IP: 10.189.112.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# grep streamingConnectionIdleTimeout /etc/kubernetes/kubelet.conf

2. Create a kubeletconfig object for node system-reservation.

# cat kubeletconfig.yaml

apiVersion: machineconfiguration.openshift.io/v1
kind: KubeletConfig
metadata:
  name: set-allocatable 
spec:
  machineConfigPoolSelector:
    matchLabels:
      custom-kubelet: small-pods 
  kubeletConfig:
    systemReserved: 
      cpu: 1000m
      memory: 1Gi

# oc label mcp worker "custom-kubelet=small-pods"
# oc create -f kubeletconfig.yaml

3. Once MCP reboots all the worker nodes sequentially, check the streamingConnectionIdleTimeout kubelet parameter again.

# oc debug node/node1.example.com
Starting pod/node1-examplecom-debug...
To use host binaries, run `chroot /host`
Pod IP: 10.189.112.5
If you don't see a command prompt, try pressing enter.
sh-4.4# chroot /host
sh-4.4# grep streamingConnectionIdleTimeout /etc/kubernetes/kubelet.conf
 "streamingConnectionIdleTimeout": "0s",


Actual results:

After creating a kubeletconfig object for manual system-reservation the streamingConnectionIdleTimeout is set to 0. 

Expected results:

The streamingConnectionIdleTimeout kubelet parameter default value should not be modified without manual intervention, ideally, it should not be set and should have the default value of 4h.

Additional info:

Setting up the value of streamingConnectionIdleTimeout parameter to 0s would let the idle connections be present without any time limit, leaving the cluster vulnerable to a DoS attack.

That's why it is not advisable to set it to 0.
Comment 1 Sai Ramesh Vanka 2022-05-10 12:46:20 UTC 
Hi @dpateriy ,

When a kubeletconfig object is created, the new kubelet configuration is serialized using json serialization and /etc/kubernetes/kubelet.conf is updated on the nodes.

During the json serialization, all the values which are not set in the KubeletConfig object are set to "zero" values and hence we observe the zero values in the above mentioned file on a node.

The Kubelet internally sets the values of the parameters to default values if at all found to be zero values.

So, this is not an issue and is working as expected.

Thanks,
Ramesh
Note You need to log in before you can comment on or make changes to this bug.