Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17825

Cannot get latest services ConfigMap from custom namespace

XMLWordPrintable

    • Critical
    • No
    • 0
    • WINC - Sprint 241, WINC - Sprint 242
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause: The Windows Instance Config Daemon's ClusterRoleBinding was not getting deleted and recreated when the namespace where the operator is installed is not the default
      Consequence: Windows instances were not get configured into nodes
      Fix: WMCO was fixed to and ensure that WICD ClusterRoleBindings and RoleBindings are recreated when WMCO is deployed in a non-default namespace
      Result: Windows instances are configured into nodes
      Show
      Cause: The Windows Instance Config Daemon's ClusterRoleBinding was not getting deleted and recreated when the namespace where the operator is installed is not the default Consequence: Windows instances were not get configured into nodes Fix: WMCO was fixed to and ensure that WICD ClusterRoleBindings and RoleBindings are recreated when WMCO is deployed in a non-default namespace Result: Windows instances are configured into nodes
    • Bug Fix

      This is a clone of issue OCPBUGS-15838. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-15461. The following is the description of the original issue:

      Description of problem:

      Installing WMCO on AWS/Nutaix in a different namespace is failing, nodes are missing machines Stuck in provisioning state. 

      Version-Release number of selected component (if applicable):

      4.14 9.0.0-c2b5660

      How reproducible:

      100%

      Steps to Reproduce:

      1.Installed WMCO in the default namespace
      2. create a machineset of 2 replicas waited for them to be up and running
      3. Create new namespace winc-namespace-test with openshift.io/cluster-monitoring: "True" 
      4. Scale down machineset to 0
      5. delete the openshift-windows-machine-config-operator namesapace
      6. Install the cloud-private-key 
      7. install the operator group
      8. install the subscription 
      9. scale up windows machineset to 1 replica after the custom namespace created properly 
      
      

      Actual results:

      Windows machines are not scaling up with the custom namespace number of Windwos nodes is 0
      
      

      Expected results:

      Scaling up with a new namespace 

      Additional info:

      oc get rolebinding -n winc-namespace-test
      NAME                                                              ROLE                                                                   AGE
      prometheus-k8s                                                    Role/prometheus-k8s                                                    25m
      system:deployers                                                  ClusterRole/system:deployer                                            26m
      system:image-builders                                             ClusterRole/system:image-builder                                       26m
      system:image-pullers                                              ClusterRole/system:image-puller                                        26m
      windows-instance-config-daemon                                    Role/windows-instance-config-daemon                                    25m
      windows-machine-config-operator.v9.0.0                            Role/windows-machine-config-operator.v9.0.0                            25m
      windows-machine-config-operator.v9.0.0-windows-machi-5c975c9cb9   Role/windows-machine-config-operator.v9.0.0-windows-machi-5c975c9cb9   25m
      
      oc get roles -n winc-namespace-test
      NAME                                                              CREATED AT
      manager-role                                                      2023-06-26T15:56:25Z
      prometheus-k8s                                                    2023-06-26T15:56:25Z
      windows-instance-config-daemon                                    2023-06-26T15:56:25Z
      windows-machine-config-operator.v9.0.0                            2023-06-26T15:56:24Z
      windows-machine-config-operator.v9.0.0-windows-machi-5c975c9cb9   2023-06-26T15:56:26Z
      
      oc get rolebinding -n winc-namespace-test windows-machine-config-operator.v9.0.0 -oyaml
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        creationTimestamp: "2023-06-26T15:56:24Z"
        name: windows-machine-config-operator.v9.0.0
        namespace: winc-namespace-test
        ownerReferences:
        - apiVersion: operators.coreos.com/v2
          blockOwnerDeletion: false
          controller: true
          kind: OperatorCondition
          name: windows-machine-config-operator.v9.0.0
          uid: 8cdd4afa-e8a2-4d25-993a-99191d3d735f
        resourceVersion: "231139"
        uid: 5e0df1c7-ba9f-48ee-ae3e-acf7043ae211
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: Role
        name: windows-machine-config-operator.v9.0.0
      subjects:
      - kind: ServiceAccount
        name: windows-machine-config-operator
      - kind: ServiceAccount
        name: windows-machine-config-operatorRonnie  19 hours ago
      apiVersion: rbac.authorization.k8s.io/v1
      kind: RoleBinding
      metadata:
        creationTimestamp: "2023-06-26T15:56:24Z"
        name: windows-machine-config-operator.v9.0.0
        namespace: winc-namespace-test
        ownerReferences:
        - apiVersion: operators.coreos.com/v2
          blockOwnerDeletion: false
          controller: true
          kind: OperatorCondition
          name: windows-machine-config-operator.v9.0.0
          uid: 8cdd4afa-e8a2-4d25-993a-99191d3d735f
        resourceVersion: "231139"
        uid: 5e0df1c7-ba9f-48ee-ae3e-acf7043ae211
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: Role
        name: windows-machine-config-operator.v9.0.0
      subjects:
      - kind: ServiceAccount
        name: windows-machine-config-operator
      - kind: ServiceAccount
        name: windows-machine-config-operator
      
      {"level":"info","ts":"2023-06-27T11:16:45Z","logger":"wc 10.0.140.19","msg":"configuring"}
      {"level":"error","ts":"2023-06-27T11:16:48Z","logger":"wc 10.0.140.19","msg":"error running","cmd":"powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup --kubeconfig C:\\k\\wicd-kubeconfig --namespace winc-namespace-test\"","out":"F0627 11:16:48.322957    3596 cleanup.go:51] cannot get latest services ConfigMap from namespace winc-namespace-test: configmaps is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\" cannot list resource \"configmaps\" in API group \"\" in the namespace \"winc-namespace-test\"\n","error":"Process exited with status 1","stacktrace":"github.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).Run\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:381\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).RunWICDCleanup\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:408\ngithub.com/openshift/windows-machine-config-operator/pkg/windows.(*windows).Bootstrap\n\t/remote-source/build/windows-machine-config-operator/pkg/windows/windows.go:434\ngithub.com/openshift/windows-machine-config-operator/pkg/nodeconfig.(*nodeConfig).Configure\n\t/remote-source/build/windows-machine-config-operator/pkg/nodeconfig/nodeconfig.go:159\ngithub.com/openshift/windows-machine-config-operator/controllers.(*instanceReconciler).ensureInstanceIsUpToDate\n\t/remote-source/build/windows-machine-config-operator/controllers/controllers.go:84\ngithub.com/openshift/windows-machine-config-operator/controllers.(*WindowsMachineReconciler).configureMachine\n\t/remote-source/build/windows-machine-config-operator/controllers/windowsmachine_controller.go:432\ngithub.com/openshift/windows-machine-config-operator/controllers.(*WindowsMachineReconciler).Reconcile\n\t/remote-source/build/windows-machine-config-operator/controllers/windowsmachine_controller.go:353\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:118\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:314\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:265\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/build/windows-machine-config-operator/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:226"}
      {"level":"info","ts":"2023-06-27T11:16:48Z","logger":"wc 10.0.140.19","msg":"failed to cleanup node","command":"C:\\k\\windows-instance-config-daemon.exe cleanup --kubeconfig C:\\k\\wicd-kubeconfig --namespace winc-namespace-test","output":"F0627 11:16:48.322957    3596 cleanup.go:51] cannot get latest services ConfigMap from namespace winc-namespace-test: configmaps is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\" cannot list resource \"configmaps\" in API group \"\" in the namespace \"winc-namespace-test\"\n"}

              paravindh Aravindh Puthiyaparambil (Inactive)
              openshift-crt-jira-prow OpenShift Prow Bot
              Aharon Rasouli Aharon Rasouli
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: