Uploaded image for project: 'OpenShift Service Mesh'
  1. OpenShift Service Mesh
  2. OSSM-5583

elasticsearch pods do not come up when autoInject is set to True in SMCP

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • None
    • OSSM 2.4.4
    • Maistra
    • None
    • False
    • None
    • False
    • User Experience
    • Hide

      Reproducer Steps are as follows:

      Install the Required operators.
      Configure the SMCP as follows:
      addons:
      grafana:
      enabled: true
      jaeger:
      install:
      ingress:
      enabled: true
      storage:
      elasticsearch:
      nodeCount: 2
      redundancyPolicy: SingleRedundancy
      memory:
      maxTraces: 100000
      type: Elasticsearch
      kiali:
      enabled: true
      prometheus:
      enabled: true
      policy:
      type: Istiod
      profiles:

      • default
        proxy:
        accessLogging:
        file:
        name: /dev/stdout
        injection:
        autoInject: true
        runtime:
        components:
        tracing.jaeger.elasticsearch:
        container:
        resources:
        limits:
        cpu: "1"
        memory: 1Gi
        requests:
        cpu: 500m
        memory: 1Gi
        telemetry:
        type: Istiod
        tracing:
        sampling: 10000
        type: Jaeger
        version: v2.4

      3. After the SMCP is configured correctly then check the pod status by running

      $ oc get pod

      4. Remove the annotation from the pods of elasticsearch by running

      $ oc edit pod [pod-name] --> change to [pod-name] to accurate pod -name.

      5. Check the status of the pods again.

      $ oc get pods.

      Show
      Reproducer Steps are as follows: Install the Required operators. Configure the SMCP as follows: addons: grafana: enabled: true jaeger: install: ingress: enabled: true storage: elasticsearch: nodeCount: 2 redundancyPolicy: SingleRedundancy memory: maxTraces: 100000 type: Elasticsearch kiali: enabled: true prometheus: enabled: true policy: type: Istiod profiles: default proxy: accessLogging: file: name: /dev/stdout injection: autoInject: true runtime: components: tracing.jaeger.elasticsearch: container: resources: limits: cpu: "1" memory: 1Gi requests: cpu: 500m memory: 1Gi telemetry: type: Istiod tracing: sampling: 10000 type: Jaeger version: v2.4 3. After the SMCP is configured correctly then check the pod status by running $ oc get pod 4. Remove the annotation from the pods of elasticsearch by running $ oc edit pod [pod-name] --> change to [pod-name] to accurate pod -name. 5. Check the status of the pods again. $ oc get pods.

      Issue: The pods of elasticsearch fail to come up and be ready ( 3/3 ) where spec.proxy.injection.autoInject ** is set to True.

      this can be considered as a BUG because it's adding the label "k8s.v1.cni.cncf.io/networks: v2-4-istio-cni" to the elastic-search pods and this pods do not need that, this is why we get the error message:
      network-attachment-definitions.k8s.cni.cncf.io "v2-4-istio-cni" not found

      Because that network-attachment-definition does not exist and will not exist in that namespace. We can check and confirm that it's a bug because if we install bookinfo application into the bookinfo namespace we can see that the deinition is created and all the pods contains the same label injected to the elastic-search pod:

       kubectl get network-attachment-definition -A
NAMESPACE   NAME             AGE
bookinfo    v2-4-istio-cni   4m19s
kind: Pod
apiVersion: v1
metadata:
  generateName: details-v1-5f4d584748-
  annotations:
    openshift.io/scc: restricted-v2
    sidecar.istio.io/interceptionMode: REDIRECT
    prometheus.io/port: '15020'
    k8s.ovn.org/pod-networks: >-
      {"default":{"ip_addresses":["10.x..x/xx"],"mac_address":"x:x:x:x:zz:yy","gateway_ips":["zz.zz.z.z"],"routes":[{"dest":"ww.yy.0.0/rr","nextHop":"rr.zz.2.yy"},{"dest":"y.yy.y.y/zz","nextHop":"w.y.y.w"},{"dest":"zz.zz.z.z/zz","nextHop":"zz.yy.r.yy"}],"ip_address":"aa.xx.y.yy/yy","gateway_ip":"yy.yy.y.y"}}
    k8s.v1.cni.cncf.io/networks: v2-4-istio-cni
    prometheus.io/path: /stats/prometheus

              Unassigned Unassigned
              rhn-support-pyadav Prachi Yadav
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: