Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-1321

Enabling "validationMessages" in the SMCP causes istiod pod to log "Error writing Distribution Report: unable to create ConfigMap" twice per second

XMLWordPrintable

    • Sprint 56, Sprint 57, Sprint 58 - week 1

      Description:

      The customer enables configuration property `validationMessages` that enables analysis of Istio configuration and state.
      When this feature is enabled, Istio runs a reporter goroutine that tries to create a config map with report details every 500 ms (the default interval), but it always fails, because of insufficient permissions:

      2022-04-07T09:55:11.307304Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil> 

      It seems that the role assigned to istiod misses rules "create" or "update" for resource "deployments/finalizers".

      Similar issue: https://github.com/istio/istio/issues/10311

      Another solution could be to remove owner reference from created config map.

      Acceptance criteria:

      • customers can enable validationMessages and istiod does not log errors

      For QE:

      • istiod should not log errors when "validationMessages" option is enabled
      • statuses of Istio objects are updated when they are misconfigured; you can follow this guide to test validation messages

       

      Original description:

      ServiceMeshControlPlane configuration:

      # oc get smcp -n istio-system basic -o yaml
      apiVersion: maistra.io/v2
      kind: ServiceMeshControlPlane
      metadata:
      [...] 
      spec:
        addons:
          grafana:
            enabled: true
          jaeger:
            install:
              storage:
                type: Memory
            name: jaeger
          kiali:
            enabled: true
            name: kiali
        general:
          validationMessages: true
        profiles:
      [...]

       

      After this change, the istiod pod logs twice per second the error message "Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwner
      Deletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>"

      2022-04-07T09:55:11.307304Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:11.809291Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:12.308044Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:12.807051Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:13.308243Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:13.807235Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:14.306869Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:14.807503Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:15.307575Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:15.806975Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:16.306633Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:16.807008Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:17.306477Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:17.807506Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil>
      2022-04-07T09:55:18.308520Z     error   status  Error writing Distribution Report: unable to create ConfigMap: configmaps "istiod-basic-6749d8fc55-2ll7s-distribution" is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on: , <nil> 

      This comes from here

       

       

       

              mluksa@redhat.com Marko Luksa
              rhn-support-asolanas Alexis Solanas
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: