Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-48502

Static pod operator API accepts invalid node statuses and node status transitions

XMLWordPrintable

    • None
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      Previously, API validation did not prevent an authorized client from decreasing the current revision of a static pod operand (like kube-apiserver) or prevent the operand from progressing concurrently on two nodes. Requests that attempt to do either are now rejected.
      Show
      Previously, API validation did not prevent an authorized client from decreasing the current revision of a static pod operand (like kube-apiserver) or prevent the operand from progressing concurrently on two nodes. Requests that attempt to do either are now rejected.
    • Bug Fix
    • In Progress

      This is a clone of issue OCPBUGS-46380. The following is the description of the original issue:

      Description of problem:

      The StaticPodOperatorStatus API validations permit:
- nodeStatuses[].currentRevision can be cleared and can decrease
- more than one entry in nodeStatuses can have a targetRevision > 0
But both of these signal a bug in one or more of the static pod controllers that write to them.

      Version-Release number of selected component (if applicable):

      This has been the case ~forever but we are aware of bugs in 4.18+ that are resulting in controllers trying to make these invalid writes. We also have more expressive validation mechanisms today that make it possible to plug the holes.

      How reproducible:

      Steps to Reproduce:

          1.
    2.
    3.

      Actual results:

      Expected results:

      Additional info:

              bluddy Ben Luddy
              openshift-crt-jira-prow OpenShift Prow Bot
              Ke Wang Ke Wang
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: