Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-34117

Cloud credential operator logs two errors per second when awsSTSIAMRoleARN is empty

XMLWordPrintable

    • Moderate
    • No
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, in Amazon Web Services (AWS) security token service (STS), Cloud Credential Operator (CCO) checked `awsSTSIAMRoleARN` in `CredentialsRequest` to create the secret. When awsSTSIAMRoleARN was not present, CCO logged the error. With this release, CCO no longer logs the error and the bug is fixed. (link:https://issues.redhat.com/browse/OCPBUGS-34117[*OCPBUGS-34117*])
      __________
      *Cause*: In AWS STS cluster, CCO checks awsSTSIAMRoleARN in CredentialsRequest to create the secret.
      *Consequence*: When awsSTSIAMRoleARN is not present, CCO logs the error
      *Fix*: CCO enhances to not log the error
      *Result*: Bug doesn’t present anymore.
      Show
      * Previously, in Amazon Web Services (AWS) security token service (STS), Cloud Credential Operator (CCO) checked `awsSTSIAMRoleARN` in `CredentialsRequest` to create the secret. When awsSTSIAMRoleARN was not present, CCO logged the error. With this release, CCO no longer logs the error and the bug is fixed. (link: https://issues.redhat.com/browse/OCPBUGS-34117 [* OCPBUGS-34117 *]) __________ *Cause*: In AWS STS cluster, CCO checks awsSTSIAMRoleARN in CredentialsRequest to create the secret. *Consequence*: When awsSTSIAMRoleARN is not present, CCO logs the error *Fix*: CCO enhances to not log the error *Result*: Bug doesn’t present anymore.
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-33566. The following is the description of the original issue:

      Description of problem:

      When the cloud-credential operator is used in manual mode, and awsSTSIAMRoleARN is not present in the secret operator pods, it throws aggressive errors every second. 

One of the customer concern about the number of errors from the operator pods

Two errors per second
============================
time="2024-05-10T00:43:45Z" level=error msg="error syncing credentials: an empty awsSTSIAMRoleARN was found so no Secret was created" controller=credreq cr=openshift-cloud-credential-operator/aws-ebs-csi-driver-operator secret=openshift-cluster-csi-drivers/ebs-cloud-credentials

time="2024-05-10T00:43:46Z" level=error msg="errored with condition: CredentialsProvisionFailure" controller=credreq cr=openshift-cloud-credential-operator/aws-ebs-csi-driver-operator secret=openshift-cluster-csi-drivers/ebs-cloud-credentials

      Version-Release number of selected component (if applicable):

          4.15.3

      How reproducible:

          Always present in managed rosa clusters

      Steps to Reproduce:

          1.create a rosa cluster 
    2.check the errors of cloud credentials operator pods 
    3.

      Actual results:

          The CCO logs continually throw errors

      Expected results:

          The CCO logs should not be continually throwing these errors.

      Additional info:

          The focus of this bug is only to remove the error lines from the logs. The underlying issue, of continually attempting to reconcile the CRs will be handled by other bugs.

            jstuever@redhat.com Jeremiah Stuever
            openshift-crt-jira-prow OpenShift Prow Bot
            Jianping Shu Jianping Shu
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: