Skip to content

[fcos] pkg/server: serve config only to master in bootstrap server #1423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
openshift-merge-robot merged 1 commit into from
Jan 30, 2020
Merged

[fcos] pkg/server: serve config only to master in bootstrap server #1423

openshift-merge-robot merged 1 commit into from
Jan 30, 2020

Conversation

@openshift-cherrypick-robot
Copy link

@openshift-cherrypick-robot openshift-cherrypick-robot commented Jan 30, 2020

This is an automated cherry-pick of #1421

/assign vrutkovs

@runcom
pkg/server: serve config only to master in bootstrap server
c894879 
The new cluster etcd operator flow is:

1) start bootstrap mcs
2) start etcd on bootstrap
3) wait for bootstrapping to finish i.e. atleast one control-plane is ready and there is MCS running on cluster
4) turn down bootstrap mcs

What the above does is giving a chance to workers to grab
the ignition config from the bootstap server which now stays up longer.
However, by the time they attempt to create a CSR the kube-apiserver has
rotated that bootstrap chain of trust out which causes the workers to error out with:

Jan 29 19:55:20 ip-10-0-130-205 hyperkube[2623]: E0129 19:55:20.869251    2623 certificate_manager.go:421] Failed while requesting a signed certificate from the master: cannot create certificate signing request: Unauthorized

The above results in workers not being able to join the cluster eventually.

What this patch does is denying serving the configuration to all pools but master
within the bootstrap server, effectively delaying workers to grab the wrong config
from the wrong server. Workers will keep polling for configuration and they'll
eventually grab the correct one from the server running within the new cluster.

Signed-off-by: Antonio Murdaca <[email protected]>
@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jan 30, 2020
Merged
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1796147, which is invalid:

  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is ON_QA instead
  • expected Bugzilla bug 1796147 to depend on a bug in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[fcos] Bug 1796147: pkg/server: serve config only to master in bootstrap server

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 30, 2020
@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/retitle [fcos] pkg/server: serve config only to master in bootstrap server

@openshift-ci-robot openshift-ci-robot changed the title [fcos] Bug 1796147: pkg/server: serve config only to master in bootstrap server [fcos] pkg/server: serve config only to master in bootstrap server Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

[fcos] pkg/server: serve config only to master in bootstrap server

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jan 30, 2020
@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/retitle [fcos] Bug 179491: pkg/server: serve config only to master in bootstrap server

@openshift-ci-robot openshift-ci-robot changed the title [fcos] pkg/server: serve config only to master in bootstrap server [fcos] Bug 179491: pkg/server: serve config only to master in bootstrap server Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: This pull request references Bugzilla bug 179491, which is invalid:

  • expected the bug to be open, but it isn't
  • expected the bug to be in one of the following states: NEW, ASSIGNED, ON_DEV, POST, POST, but it is CLOSED (RAWHIDE) instead
  • expected Bugzilla bug 179491 to depend on a bug in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[fcos] Bug 179491: pkg/server: serve config only to master in bootstrap server

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-ci-robot openshift-ci-robot added the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jan 30, 2020
@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/retitle [fcos] Bug 1796491: pkg/server: serve config only to master in bootstrap server

@openshift-ci-robot openshift-ci-robot changed the title [fcos] Bug 179491: pkg/server: serve config only to master in bootstrap server [fcos] Bug 1796491: pkg/server: serve config only to master in bootstrap server Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: This pull request references Bugzilla bug 1796491, which is invalid:

  • expected Bugzilla bug 1796491 to depend on a bug in one of the following states: VERIFIED, RELEASE_PENDING, CLOSED (ERRATA), but no dependents were found

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

Details

In response to this:

[fcos] Bug 1796491: pkg/server: serve config only to master in bootstrap server

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@ashcrow
Copy link
Member

ashcrow commented Jan 30, 2020

@vrutkovs does fcos have the same BZ requirements as OCP/RHCOS?

@openshift-ci-robot openshift-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 30, 2020
@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

does fcos have the same BZ requirements as OCP/RHCOS?

no, not really. I'll close it manually since it only affects FCOS

@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/retitle [fcos] pkg/server: serve config only to master in bootstrap server

@openshift-ci-robot openshift-ci-robot changed the title [fcos] Bug 1796491: pkg/server: serve config only to master in bootstrap server [fcos] pkg/server: serve config only to master in bootstrap server Jan 30, 2020
@openshift-ci-robot openshift-ci-robot removed the bugzilla/invalid-bug Indicates that a referenced Bugzilla bug is invalid for the branch this PR is targeting. label Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: No Bugzilla bug is referenced in the title of this pull request.
To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

Details

In response to this:

[fcos] pkg/server: serve config only to master in bootstrap server

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@sdodson sdodson added the bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. label Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@openshift-cherrypick-robot: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
ci/prow/e2e-aws c894879 link /test e2e-aws

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/override ci/prow/e2e-aws

Known flakes

@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

@vrutkovs: Overrode contexts on behalf of vrutkovs: ci/prow/e2e-aws

Details

In response to this:

/override ci/prow/e2e-aws

Known flakes

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@vrutkovs
Copy link
Contributor

vrutkovs commented Jan 30, 2020

/lgtm

@openshift-ci-robot openshift-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Jan 30, 2020
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 30, 2020

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ashcrow, openshift-cherrypick-robot, vrutkovs

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-robot openshift-merge-robot merged commit 9de672e into openshift:fcos Jan 30, 2020
@SriRamanujam SriRamanujam mentioned this pull request Mar 9, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ashcrow ashcrow ashcrow approved these changes

@vrutkovs vrutkovs Awaiting requested review from vrutkovs

Assignees

@vrutkovs vrutkovs

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. bugzilla/valid-bug Indicates that a referenced Bugzilla bug is valid for the branch this PR is targeting. lgtm Indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@openshift-cherrypick-robot @openshift-ci-robot @vrutkovs @ashcrow @sdodson @openshift-merge-robot @runcom