Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.18.0, 4.19.0
Component/s: kube-apiserver
Labels:
- pre-merge-tested
- rits-work

Regression:
None
Release Blocker:
Proposed
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, API validation did not prevent an authorized client from decreasing the current revision of a static pod operand, such as kube-apiserver, or prevent the operand from progressing concurrently on two nodes. With this release, requests that attempt to do either are now rejected. (link:https://issues.redhat.com/browse/OCPBUGS-48502[*~~OCPBUGS-48502~~*])

Show
* Previously, API validation did not prevent an authorized client from decreasing the current revision of a static pod operand, such as kube-apiserver, or prevent the operand from progressing concurrently on two nodes. With this release, requests that attempt to do either are now rejected. (link: https://issues.redhat.com/browse/OCPBUGS-48502 [* OCPBUGS-48502 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.18.0
Target Backport Versions:

4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

This is a clone of issue OCPBUGS-46380. The following is the description of the original issue:
—
Description of problem:

The StaticPodOperatorStatus API validations permit:
- nodeStatuses[].currentRevision can be cleared and can decrease
- more than one entry in nodeStatuses can have a targetRevision > 0
But both of these signal a bug in one or more of the static pod controllers that write to them.

Version-Release number of selected component (if applicable):

This has been the case ~forever but we are aware of bugs in 4.18+ that are resulting in controllers trying to make these invalid writes. We also have more expressive validation mechanisms today that make it possible to plug the holes.

How reproducible:

Steps to Reproduce:

    1.
    2.
    3.

Actual results:

Expected results:

Additional info:

clones

OCPBUGS-46380 Static pod operator API accepts invalid node statuses and node status transitions

Verified

is blocked by

OCPBUGS-46380 Static pod operator API accepts invalid node statuses and node status transitions

Verified

links to

openshift/api#2152: [release-4.18] OCPBUGS-48502: StaticPodOperatorStatus validation should reject downgrades and concurrent node rollouts

RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update

Assignee:: Ben Luddy

Reporter:: OpenShift Prow Bot

QA Contact:: Ke Wang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/01/16 2:15 PM

Updated:: 2025/02/25 4:53 AM

Resolved:: 2025/02/25 4:53 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates