Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-59101

HCP operator should set Shared ClusterServiceLoadBalancerHealthProbeMode

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • 4.19.z
    • 4.19.0, 4.20.0
    • HyperShift
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • Important
    • Yes
    • None
    • Rejected
    • None
    • Done
    • Bug Fix
    • Hide
      * Before this update, the {aws-first} Cloud Provider did not set the default ping target of `HTTP:10256/healthz` for the {aws-short} Load Balancer. For the LoadBalancer Services that ran on {aws-short}, the Load Balancer object created in {aws-short} had a ping target of `TCP:32518`. As a consequence, the health probes for cluster-wide services did not work and the services were down during upgrades. With this release, the `ClusterServiceLoadBalancerHealthProbeMode` property of the cloud config is set to `Shared` so that the config is passed to the {aws-short} Cloud Provider. As a result, the {aws-short} Load Balancers have the correct health check ping target of `HTTP:10256/healthzwhich` points to the kube-proxy health endpoints that run on nodes. (link:https://issues.redhat.com/browse/OCPBUGS-59101[OCPBUGS-59101])
      Show
      * Before this update, the {aws-first} Cloud Provider did not set the default ping target of `HTTP:10256/healthz` for the {aws-short} Load Balancer. For the LoadBalancer Services that ran on {aws-short}, the Load Balancer object created in {aws-short} had a ping target of `TCP:32518`. As a consequence, the health probes for cluster-wide services did not work and the services were down during upgrades. With this release, the `ClusterServiceLoadBalancerHealthProbeMode` property of the cloud config is set to `Shared` so that the config is passed to the {aws-short} Cloud Provider. As a result, the {aws-short} Load Balancers have the correct health check ping target of `HTTP:10256/healthzwhich` points to the kube-proxy health endpoints that run on nodes. (link: https://issues.redhat.com/browse/OCPBUGS-59101 [ OCPBUGS-59101 ])
    • None
    • None
    • None
    • None

      As shown in this run of OpenShift conformance tests, the test " Cluster scoped load balancer healthcheck port and path should be 10256/healthz" fails:

      {  fail [github.com/openshift/origin/test/extended/cloud_controller_manager/ccm.go:125]: Expected
          <string>: TCP:31611
      to equal
          <string>: HTTP:10256/healthz
      Ginkgo exit error 1: exit with code 1} 

      In AWS, LoadBalancer services are expected to create AWS LoadBalancers with:

      Ping protocol: HTTP

      Ping port: 10256

      Ping path: healthz

      These values match the kube-proxy running on each node. This change was brought in https://github.com/openshift/cluster-cloud-controller-manager-operator/pull/383 by settting the shared mode for ClusterServiceLoadBalancerHealthProbeMode config element. This change was also backported to 4.19 but not to 4.18. Version 4.18 can't use this flag so it sets the protocol/port in a different way.

      HostedControlPlane doesn't configure the probe mode as can be seen here (CPO v2) and here(CPO v1) so it uses the default mode ServiceNodePort. The ClusterServiceLoadBalancerHealthProbeMode config element should be set here.

      Link to slack discussion

              Unassigned Unassigned
              mgencur@redhat.com Martin Gencur
              None
              None
              Martin Gencur Martin Gencur
              None
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: