Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-46429

Too many pending CSRs lead to scaleup failures when scaling to 500 nodes

XMLWordPrintable

    • No
    • CLOUD Sprint 263, CLOUD Sprint 264
    • 2
    • False
    • Hide

      None

      Show
      None
    • Hide
      Cause: The CSR approver was including certificates from other systems within its own calculations for whether or not it was overwhelmed and should stop approving certificates
      Consequence: In larger clusters, with other subsystems using CSRs, the CSR approver would determine that there were many unapproved CSRs, and prevent further approvals
      Fix: The CSR approver now only includes CSRs that it can approve, using the signerName property as a filter
      Result: The CSR approver will only prevent new approvals when there are a large number of CSRs, for the signerName values that it observes, that it has not been able to approve
      Show
      Cause: The CSR approver was including certificates from other systems within its own calculations for whether or not it was overwhelmed and should stop approving certificates Consequence: In larger clusters, with other subsystems using CSRs, the CSR approver would determine that there were many unapproved CSRs, and prevent further approvals Fix: The CSR approver now only includes CSRs that it can approve, using the signerName property as a filter Result: The CSR approver will only prevent new approvals when there are a large number of CSRs, for the signerName values that it observes, that it has not been able to approve
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-46425. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-36404. The following is the description of the original issue:

      Description of problem:
      machine-approver logs

      E0221 20:29:52.377443       1 controller.go:182] csr-dm7zr: Pending CSRs: 1871; Max pending allowed: 604. Difference between pending CSRs and machines > 100. Ignoring all CSRs as too many recent pending CSRs seen

      .

      oc get csr |wc -l
3818
oc get csr |grep "node-bootstrapper" |wc -l
2152

      By approving the pending CSR manually I can get the cluster to scaleup.

      We can increase the maxPending to a higher number https://github.com/openshift/cluster-machine-approver/blob/2d68698410d7e6239dafa6749cc454272508db19/pkg/controller/controller.go#L330 

       

              rmanak@redhat.com Radek Manak
              openshift-crt-jira-prow OpenShift Prow Bot
              Zhaohua Sun Zhaohua Sun
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: