Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7158

Mismatched Health Check Ports in GCP Cluster

XMLWordPrintable

      Description of problem:

      When rh-api's externalTrafficPolicy is set to Cluster (`oc get svc -n openshift-kube-apiserver rh-api -o yaml`) and it is using the default node health check, the port the node is listening on and the port that the kube-controller-manager reconciles for the health check do not match, causing the nodes to fail their health checks in GCP. 

The affected customer has other services on the cluster that have externalTrafficPolicy set to Cluster and are broken because the health check is pointing at a port the _nodes_ aren't listening on.

      Version-Release number of selected component (if applicable):

      OpenShift 4.11.25

      How reproducible:

       

      Steps to Reproduce:

      1. 
2. 
3.

      Actual results:

      Node health check is set to 10256 in cloud provider

      Expected results:

      Node is listening on 10248 so the health check should use that port.

      Additional info:

      10256 is the default for upstream kube-proxy https://github.com/kubernetes/kubernetes/blob/daf0d8d14f2324791bb2261c3173bc1e56efe67a/pkg/cluster/ports/ports.go#L37-L39

https://github.com/openshift/cloud-ingress-operator/pull/275 addresses this issue to some extent by creating clusters with externalTrafficPolicy=Local.

       

       

       

       

            rravaiol@redhat.com Riccardo Ravaioli
            geowa4.openshift George Adams
            Anurag Saxena Anurag Saxena
            Riccardo Ravaioli
            Votes:
            0 Vote for this issue
            Watchers:
            18 Start watching this issue

              Created:
              Updated:
              Resolved: