Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-7158

Mismatched Health Check Ports in GCP Cluster

    XMLWordPrintable

Details

    Description

      Description of problem:

      When rh-api's externalTrafficPolicy is set to Cluster (`oc get svc -n openshift-kube-apiserver rh-api -o yaml`) and it is using the default node health check, the port the node is listening on and the port that the kube-controller-manager reconciles for the health check do not match, causing the nodes to fail their health checks in GCP. 

The affected customer has other services on the cluster that have externalTrafficPolicy set to Cluster and are broken because the health check is pointing at a port the _nodes_ aren't listening on.

      Version-Release number of selected component (if applicable):

      OpenShift 4.11.25

      How reproducible:

       

      Steps to Reproduce:

      1. 
2. 
3.

      Actual results:

      Node health check is set to 10256 in cloud provider

      Expected results:

      Node is listening on 10248 so the health check should use that port.

      Additional info:

      10256 is the default for upstream kube-proxy https://github.com/kubernetes/kubernetes/blob/daf0d8d14f2324791bb2261c3173bc1e56efe67a/pkg/cluster/ports/ports.go#L37-L39

https://github.com/openshift/cloud-ingress-operator/pull/275 addresses this issue to some extent by creating clusters with externalTrafficPolicy=Local.

       

       

       

       

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-10486 node healthz server is missing in ovnk

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. OCPBUGS-10487 Enable node healthz server for ovnk in CNO

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          relates to

          Spike - Represents a research-related task. SDN-3788 Impact Mismatched Health Check Ports in GCP Cluster

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          Web Link [release-4.11] OCPBUGS-10487: Enable configuration of node healthz server on ovnkube

          Web Link OCPBUGS-10486: [release-4.11] node: add node healthz server for cloud load balancers

          Activity

            People

              rravaiol@redhat.com Riccardo Ravaioli
              geowa4.openshift George Adams
              Anurag Saxena Anurag Saxena
              Riccardo Ravaioli
              Votes:
              0 Vote for this issue
              Watchers:
              18 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: