Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 4.15.0
Affects Version/s: 4.15.0
Component/s: HyperShift
Labels:
None

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Cause:
Consequence: Cloud Controller Manager relies on management KAS access although it doesn't need it
Fix: Switched to using guest kubeconfig
Result: Cloud Controller Manager doesnt need management KAS access

Show
Cause: Consequence: Cloud Controller Manager relies on management KAS access although it doesn't need it Fix: Switched to using guest kubeconfig Result: Cloud Controller Manager doesnt need management KAS access
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Target Version:

4.15.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

    The way CCM is deployed, it gets the kubeconfig configuration from the environment it runs on, which is the Management cluster. Thus, it communicates with the Kubernetes Api Server (KAS) of the Management Cluster (MC) instead of the KAS of the Hosted Cluster it is part of.

Version-Release number of selected component (if applicable):

    4.15.0

How reproducible:

    100%

Steps to Reproduce:

    1. Deploy a hosted cluster
    2. oc debug to the node running the HC CCM
    3. crictl ps -a to list all the containers
    4. crictl inspect X  # Where X is the container id of the CCM container
    5. nsenter -n -t pid_of_ccm_container
    6. tcpdump

Actual results:

    Communication goes to MC KAS

Expected results:

    Communication goes to HC KAS

Additional info:

blocks

OCPBUGS-23936 CCM uses MC's KAS instead of HC's KAS

Closed

is cloned by

OCPBUGS-23936 CCM uses MC's KAS instead of HC's KAS

Closed

is triggered by

HOSTEDCP-1282 Investigate if we need KAS access label in cloud controller manager

Closed

links to

openshift/hypershift#3222: OCPBUGS-23921: Use correct kubeconfig in CCM and remove CCMs access t…

RHEA-2023:7198 rpm

mentioned on

Merge request - Bump IBM integration to our latest prod image.

(1 mentioned on)

Assignee:: Patryk Stefanski

Reporter:: Antoni Segura Puimedon

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/11/24 11:44 AM

Updated:: 2024/02/27 9:02 PM

Resolved:: 2024/02/27 9:02 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates