Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36282

Connection to mutating admission webhooks are initiated and closed abruptly

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 4.13
    • kube-apiserver
    • None
    • Moderate
    • No
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      For some reason, we are observing that the kube-apiserver opens some connections to the pods that server a mutating admission webhook (defined in a mutatingwebhookconfiguration) and then, all of a sudden, issues a TCP connection close right after having sent the TLS client hello (soon before or soon after having received the TLS server hello), i.e. it looks as if it opened connections for nothing, which are seen as "TLS handshake: EOF" errors on the webhook pod (because the TLS handshake cannot indeed be completed because the TCP connection ends too soon). Timing does not suggest that any timeout is reached.

We tried to make some sense from the kube-apiserver logs, tcpdump, strace... but we couldn't find anything, so we need help in reviewing whether this is normal or not and how to fix (if needed).

      Version-Release number of selected component (if applicable):

      4.13.41

      How reproducible:

      Sometimes

      Steps to Reproduce:

      1. Observe pod-identity-webhook pod logs
2. (Optional) tcpdump and/or strace the kube-apiserver

      Actual results:

      TCP connections are opened and then closed suddenly during TLS handshake.

      Expected results:

      No strange (apparently useless) connections

      Additional info:

      In internal comments

            Unassigned Unassigned
            rhn-support-palonsor Pablo Alonso Rodriguez
            Ke Wang Ke Wang
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated: