Uploaded image for project: 'OpenShift API Server'
  1. OpenShift API Server
  2. API-1813

Impact kube-apiserver stuck in updating versions when upgrade from old releases

XMLWordPrintable

    • Icon: Spike Spike
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None
    • None
    • None
    • False
    • None
    • False

      Impact statement for the OCPBUGS-33963 series:

      Which 4.y.z to 4.y'.z' updates increase vulnerability?

      All updates of affected clusters to 4.16.0+.

      Which types of clusters?

      All, or virtually all, clusters created at a version earlier than 4.8.0 are affected. Clusters created at 4.8.0 or later are not affected.

      What is the impact? Is it serious enough to warrant removing update recommendations? 

      When updating to 4.16.0+, kube-apiserver instances on affected clusters will be unable to decode certain data persisted in etcd and will never become ready.

      How involved is remediation? 

      If any 4.15 kube-apiserver instances remain available, a storage version migration can be manually triggered for the affected resources.

      Is this a regression?

      Yes. Beginning in 4.16.0, kube-apiserver can no longer decode flowcontrol.apiserver.k8s.io/v1alpha1 resources because the entire version has been removed from Kubernetes.

            bluddy Ben Luddy
            trking W. Trevor King
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: