Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-23921

CCM uses MC's KAS instead of HC's KAS

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done-Errata
    • Normal
    • 4.15.0
    • 4.15.0
    • HyperShift
    • None
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause:
      Consequence: Cloud Controller Manager relies on management KAS access although it doesn't need it
      Fix: Switched to using guest kubeconfig
      Result: Cloud Controller Manager doesnt need management KAS access
      Show
      Cause: Consequence: Cloud Controller Manager relies on management KAS access although it doesn't need it Fix: Switched to using guest kubeconfig Result: Cloud Controller Manager doesnt need management KAS access
    • Bug Fix
    • In Progress

    Description

      Description of problem:

          The way CCM is deployed, it gets the kubeconfig configuration from the environment it runs on, which is the Management cluster. Thus, it communicates with the Kubernetes Api Server (KAS) of the Management Cluster (MC) instead of the KAS of the Hosted Cluster it is part of.

      Version-Release number of selected component (if applicable):

          4.15.0

      How reproducible:

          100%

      Steps to Reproduce:

          1. Deploy a hosted cluster
    2. oc debug to the node running the HC CCM
    3. crictl ps -a to list all the containers
    4. crictl inspect X  # Where X is the container id of the CCM container
    5. nsenter -n -t pid_of_ccm_container
    6. tcpdump

      Actual results:

          Communication goes to MC KAS

      Expected results:

          Communication goes to HC KAS

      Additional info:

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-23936 CCM uses MC's KAS instead of HC's KAS

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-23936 CCM uses MC's KAS instead of HC's KAS

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          is triggered by

          Spike - Represents a research-related task. HOSTEDCP-1282 Investigate if we need KAS access label in cloud controller manager

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/hypershift#3222: OCPBUGS-23921: Use correct kubeconfig in CCM and remove CCMs access t…

          Web Link RHEA-2023:7198 rpm

          mentioned on

          GitLab Merge request - Bump IBM integration to our latest prod image.

          Activity

            People

              pstefans@redhat.com Patryk Stefanski
              asegurap1@redhat.com Antoni Segura Puimedon
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: