Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-28866

containers of kube-apiserver are based different RHEL releases

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 4.14.z, 4.15.0, 4.16.0
    • Release
    • Critical
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      containers of kube-apiserver are based on different RHEL releases, some are based on RHEL9.2, some are RHEL 8.6

      Version-Release number of selected component (if applicable):

      $ oc get clusterversion
NAME      VERSION                              AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.16.0-0.nightly-2024-02-02-002725   True        False         4h45m   Cluster version is 4.16.0-0.nightly-2024-02-02-002725

      How reproducible:

      Always

      Steps to Reproduce:

      $ hostedcluster=$( oc get -n clusters hostedclusters -o json | jq -r .items[].metadata.name)
$ kas_pod=$(oc get po -n clusters-${hostedcluster} -l app=kube-apiserver --no-headers | awk '{print $1}' | head -1)
$ kcs=$(oc get pod $kas_pod -n clusters-${hostedcluster}  -o jsonpath='{.spec.containers[*].name}')
$ for c in `echo $kcs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster}  $kas_pod -c $c -- cat /etc/redhat-release;done
--> apply-bootstrap
Red Hat Enterprise Linux release 8.6 (Ootpa)
--> kube-apiserver
Red Hat Enterprise Linux release 9.2 (Plow)
--> konnectivity-server
Red Hat Enterprise Linux release 9.2 (Plow)
--> audit-logs
Red Hat Enterprise Linux release 8.6 (Ootpa)
--> aws-pod-identity-webhook
Red Hat Enterprise Linux release 9.2 (Plow)

      Actual results:

      containers of kube-apiserver are based different RHEL 9.2 and 8.6

      Expected results:

      containers of kube-apiserver are based RHEL 9.2

      Additional info:

      Not see this problem on openshift-apiserver and openshift-oauth-apiserver, see below:

$ oas_pod=$(oc get po -n clusters-${hostedcluster} -l app=openshift-apiserver --no-headers | awk '{print $1}' | head -1)
$ oas_cs=$(oc get pod $oas_pod -n clusters-${hostedcluster}  -o jsonpath='{.spec.containers[*].name}')
$ for c in `echo $oas_cs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster}  $oas_pod -c $c -- cat /etc/redhat-release;done
--> openshift-apiserver
Red Hat Enterprise Linux release 9.2 (Plow)
--> audit-logs
Red Hat Enterprise Linux release 9.2 (Plow)
--> socks5-proxy
Red Hat Enterprise Linux release 9.2 (Plow)

$ oauth_pod=$(oc get po -n clusters-${hostedcluster} -l app=oauth-openshift --no-headers | awk '{print $1}' | head -1)
$ oauth_cs=$(oc get pod $oauth_pod -n clusters-${hostedcluster}  -o jsonpath='{.spec.containers[*].name}')
$ for c in `echo $oauth_cs`;do echo "--> $c"; oc exec -n clusters-${hostedcluster}  $oauth_pod -c $c -- cat /etc/redhat-release;done
--> oauth-server
Red Hat Enterprise Linux release 9.2 (Plow)
--> socks-proxy
Red Hat Enterprise Linux release 9.2 (Plow)

-----------------
This problem is not seen on OCP 4.16, see below,
$ kas_pod=$(oc get po -n openshift-kube-apiserver -l apiserver --no-headers | awk '{print $1}' | head -1)
$ kcs=$(oc get pod $kas_pod -n openshift-kube-apiserver  -o jsonpath='{.spec.containers[*].name}')
$ for c in `echo $kcs`;do echo "--> $c"; oc exec -n openshift-kube-apiserver  $kas_pod -c $c -- cat /etc/redhat-release;done
--> kube-apiserver
Red Hat Enterprise Linux release 9.2 (Plow)
--> kube-apiserver-cert-syncer
Red Hat Enterprise Linux release 9.2 (Plow)
--> kube-apiserver-cert-regeneration-controller
Red Hat Enterprise Linux release 9.2 (Plow)
--> kube-apiserver-insecure-readyz
Red Hat Enterprise Linux release 9.2 (Plow)
--> kube-apiserver-check-endpoints
Red Hat Enterprise Linux release 9.2 (Plow)

            jdelft Joep van Delft
            wk2019 Ke Wang
            Jie Zhao Jie Zhao
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: