Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-21335

[2127947] cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer

XMLWordPrintable

      Description of problem:
      When setting tlsSecurityProfile in APIServer, it should take up to 60 seconds (the HCO period time) to be updated in cluster-network-addons-operator, but it takes much more (more than 10 minutes)

      Version-Release number of selected component (if applicable):
      OCP 4.12.0-ec.1
      CNV 4.12.0
      hyperconverged-cluster-operator: v4.12.0-65

      How reproducible:
      100%

      Steps to Reproduce:
      1.
      Verify no tlsSecurityProfile is set in HCO:
      $ oc get hco -n openshift-cnv kubevirt-hyperconverged -ojsonpath=

      {.spec.tlsSecurityProfile} | jq
      $

      2.
      Apply a change in APIserver, to set a new tlsEcurityProfile:
      a. $ oc edit apiserver cluster

      b. Add (to .spec):
      spec:
      ...
      tlsSecurityProfile:
      old: {}
      type: Old

      c. Exit the resource edit

      3.
      Check tlsEcurityProdile in NetworkAddonsConfig after 60 seconds (operator cycle time):
      $ oc get NetworkAddonsConfig cluster -ojsonpath={.spec.tlsSecurityProfile}

      ;echo

      Actual results:
      Still not updated
      {"intermediate":{},"type":"Intermediate"}

      Expected results:
      Same setting as in the APIServer:
      {"old":{},"type":"Old"}

      Additional info:
      Not sure it is related, but the log that appears in hco-operator immediately when applying the change in APIServer includes a message saying "No HyperConverged resource":

      2022-09-19T12:22:24.916912997Z

      {"level":"info","ts":1663590144.916714,"logger":"controller_hyperconverged","msg":"Reconciling for openshiftconfigv1.APIServer"}

      2022-09-19T12:22:24.916912997Z

      {"level":"info","ts":1663590144.9168296,"logger":"controller_hyperconverged","msg":"Reconciling for openshiftconfigv1.APIServer"}

      2022-09-19T12:22:24.916998663Z

      {"level":"info","ts":1663590144.9169204,"logger":"controller_hyperconverged","msg":"Triggered by ApiServer CR, refreshing it","Request.Namespace":"openshift-cnv","Request.Name":"api-server-cr-5bdfa811-d680-43c0-9feb-d308c63eaa11"}

      2022-09-19T12:22:24.917475913Z

      {"level":"info","ts":1663590144.9171374,"logger":"controller_hyperconverged","msg":"No HyperConverged resource","Request.Namespace":"openshift-cnv","Request.Name":"api-server-cr-5bdfa811-d680-43c0-9feb-d308c63eaa11"}

            stirabos Simone Tiraboschi
            ysegev@redhat.com Yossi Segev
            Debarati Basu-Nag Debarati Basu-Nag
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: