From 304071ac21962921ccd18ad124c939f6f03fad7b Mon Sep 17 00:00:00 2001 
From: Jan Chaloupka Date: Mon, 20 Jan 2025 14:22:33 +0100 Subject: [PATCH] Exclude etcd readiness checks from /readyz to ignore temporary etcd hiccups Explicitly exclude etcd and etcd-readiness checks (OCPBUGS-48177) and have etcd operator take responsibility for properly reporting etcd readiness. Justification: kube-apiserver instances get removed from a load balancer when etcd starts to report not ready (as will KA's /readyz). Client connections can withstand etcd unreadiness longer than the readiness timeout is. Thus, it is not necessary to drop connections in case etcd resumes its readiness before a client connection times out naturally. --- bindata/oauth-apiserver/deploy.yaml | 2 +- pkg/operator/workload/testdata/sync_ds_scenario_1.yaml | 5 ++--- pkg/operator/workload/testdata/sync_ds_scenario_2.yaml | 5 ++--- pkg/operator/workload/testdata/sync_ds_scenario_3.yaml | 5 ++--- .../{4dff-body-cluster.yaml => 8406-body-cluster.yaml} | 0 ...4dff-metadata-cluster.yaml => 8406-metadata-cluster.yaml} | 0 .../{4dff-options-cluster.yaml => 8406-options-cluster.yaml} | 0 ...ession.yaml => 03c9-body-v4-0-config-system-session.yaml} | 2 +- ...on.yaml => 03c9-metadata-v4-0-config-system-session.yaml} | 0 ...ody-authentication.yaml => 85c3-body-authentication.yaml} | 0 ...authentication.yaml => 85c3-metadata-authentication.yaml} | 0 ...stem-COLON-openshift-COLON-openshift-authenticator-.yaml} | 2 +- ...stem-COLON-openshift-COLON-openshift-authenticator-.yaml} | 0 13 files changed, 9 insertions(+), 12 deletions(-) rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/{4dff-body-cluster.yaml => 8406-body-cluster.yaml} (100%) rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/{4dff-metadata-cluster.yaml => 8406-metadata-cluster.yaml} (100%) rename 
test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/{4dff-options-cluster.yaml => 8406-options-cluster.yaml} (100%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/{c23d-body-v4-0-config-system-session.yaml => 03c9-body-v4-0-config-system-session.yaml} (63%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/{c23d-metadata-v4-0-config-system-session.yaml => 03c9-metadata-v4-0-config-system-session.yaml} (100%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/{0598-body-authentication.yaml => 85c3-body-authentication.yaml} (100%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/{0598-metadata-authentication.yaml => 85c3-metadata-authentication.yaml} (100%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/{c5ab-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml => fa09-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml} (67%)
 rename test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/{c5ab-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml => fa09-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml} (100%)
diff --git a/bindata/oauth-apiserver/deploy.yaml b/bindata/oauth-apiserver/deploy.yaml
index e01c9dd4a4..387a048e59 100644
--- a/bindata/oauth-apiserver/deploy.yaml
+++ b/bindata/oauth-apiserver/deploy.yaml
@@ -130,7 +130,7 @@ spec:
 httpGet:
 scheme: HTTPS
 port: 8443
- path: readyz
+ path: readyz?exclude=etcd&exclude=etcd-readiness
 initialDelaySeconds: 0
 periodSeconds: 5
 timeoutSeconds: 10
diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml
index 97e048e608..b5cf33f99c 100755
--- a/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml
+++ b/pkg/operator/workload/testdata/sync_ds_scenario_1.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
 annotations:
 openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
- operator.openshift.io/spec-hash: "1986a56f7e54d5a8fb43656056b747bf93c3eeea535b79bb2866562a001a3778"
+ operator.openshift.io/spec-hash: "dc41cb7ec4f6f82f4a8637ae233969f202c36f6acd376aca21980313af7c9f50"
 creationTimestamp: ~
 labels:
 apiserver: "true"
@@ -87,7 +87,7 @@ spec:
 httpGet:
 scheme: HTTPS
 port: 8443
- path: readyz
+ path: readyz?exclude=etcd&exclude=etcd-readiness
 initialDelaySeconds: 0
 periodSeconds: 5
 timeoutSeconds: 10
@@ -213,4 +213,3 @@ spec:
 path: /var/log/oauth-apiserver
 name: audit-dir
 status: {}
-
diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml
index 2ae72110eb..9087da597f 100755
--- a/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml
+++ b/pkg/operator/workload/testdata/sync_ds_scenario_2.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
 annotations:
 openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
- operator.openshift.io/spec-hash: "fbe2e5bff6b8355967db0b9d904e66a2a56018f85b6e488362d6d5161bde1f93"
+ operator.openshift.io/spec-hash: "857876e78675ca8630c8a1ef114cc9487d714ab30b0e22178ccc77ffd95012d5"
 creationTimestamp: ~
 labels:
 apiserver: "true"
@@ -96,7 +96,7 @@ spec:
 httpGet:
 scheme: HTTPS
 port: 8443
- path: readyz
+ path: readyz?exclude=etcd&exclude=etcd-readiness
 initialDelaySeconds: 0
 periodSeconds: 5
 timeoutSeconds: 10
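Review bot: With `etcd` and `etcd-readiness` excluded from the probe path in bindata/oauth-apiserver/deploy.yaml, the probe keeps answering ready for as long as etcd stays unreachable, not only during a short hiccup, so the pod stays in rotation while requests that need storage presumably fail; nothing in the manifest says this is intended. The commit message hands etcd readiness reporting to the etcd operator, but that dependency is invisible at the probe, so I would add a comment above the path, e.g. `# etcd checks are excluded on purpose (OCPBUGS-48177): a brief etcd hiccup must not pull this pod out of rotation; etcd health is reported by the etcd operator`. The justification in the description is written for kube-apiserver and its load balancer, so it is worth confirming that the same reasoning holds for oauth-apiserver endpoints and that a sustained etcd outage is still alerted on elsewhere. The probe block starts and ends outside the hunk.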
@@ -222,4 +222,3 @@ spec:
 path: /var/log/oauth-apiserver
 name: audit-dir
 status: {}
-
diff --git a/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml b/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml
index 9a471ea9e9..2bb3e57519 100755
--- a/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml
+++ b/pkg/operator/workload/testdata/sync_ds_scenario_3.yaml
@@ -3,7 +3,7 @@ kind: Deployment
 metadata:
 annotations:
 openshiftapiservers.operator.openshift.io/operator-pull-spec: ""
- operator.openshift.io/spec-hash: "ccb8d879eec9cdde0c99dd71a28ec2f55d94ffce29e96b74a2b126c3014f223d"
+ operator.openshift.io/spec-hash: "a4574abdfafd21fb9a70db6c0cd6064f940ec4d3f199a0f5d9e0ac8392500f9d"
 creationTimestamp: ~
 labels:
 apiserver: "true"
@@ -91,7 +91,7 @@ spec:
 httpGet:
 scheme: HTTPS
 port: 8443
- path: readyz
+ path: readyz?exclude=etcd&exclude=etcd-readiness
 initialDelaySeconds: 0
 periodSeconds: 5
 timeoutSeconds: 10
@@ -217,4 +217,3 @@ spec:
 path: /var/log/oauth-apiserver
 name: audit-dir
 status: {}
-
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-body-cluster.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-body-cluster.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-body-cluster.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-body-cluster.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-metadata-cluster.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-metadata-cluster.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-metadata-cluster.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-metadata-cluster.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-options-cluster.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-options-cluster.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/4dff-options-cluster.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/ApplyStatus/cluster-scoped-resources/operator.openshift.io/authentications/8406-options-cluster.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/c23d-body-v4-0-config-system-session.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/03c9-body-v4-0-config-system-session.yaml similarity index 63% rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/c23d-body-v4-0-config-system-session.yaml rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/03c9-body-v4-0-config-system-session.yaml index f925a641b7..8c05aa9954 100644 --- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/c23d-body-v4-0-config-system-session.yaml +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/03c9-body-v4-0-config-system-session.yaml @@ -1,6 +1,6 @@ apiVersion: v1 data: - v4-0-config-system-session: eyJraW5kIjoiU2Vzc2lvblNlY3JldHMiLCJhcGlWZXJzaW9uIjoib3BlcmF0b3J2MWNsaWVudCIsInNlY3JldHMiOlt7ImF1dGhlbnRpY2F0aW9uIjoiZXlFUDNvR21XNnNEdW5JWlV2aHVabFJXV25GdlpkQ2RhYXJCZGl0MEJ2b1FKOVp2aW8xcHdNMUdDNXF6RTY2NyIsImVuY3J5cHRpb24iOiJmSDNqeF9CR0J0alBZQW9HU011M3RJbVpLX29aRmdWeiJ9XX0= + v4-0-config-system-session: eyJraW5kIjoiU2Vzc2lvblNlY3JldHMiLCJhcGlWZXJzaW9uIjoib3BlcmF0b3J2MWNsaWVudCIsInNlY3JldHMiOlt7ImF1dGhlbnRpY2F0aW9uIjoiWXVyTV8xbnpPSlF4Q1RDQmpxcV8ySUZaSlotSEJOaWNzdi1MVkpLUVdyTi05UlM5b0FtMk9IckdEdlRQRzlfcyIsImVuY3J5cHRpb24iOiJObzVyNXZ3Mlg3d0QzVl9nU2JydHhsUGFpMVJ0c0p1QiJ9XX0= kind: Secret metadata: creationTimestamp: null 
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/c23d-metadata-v4-0-config-system-session.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/03c9-metadata-v4-0-config-system-session.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/c23d-metadata-v4-0-config-system-session.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/Create/namespaces/openshift-authentication/core/secrets/03c9-metadata-v4-0-config-system-session.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/0598-body-authentication.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/85c3-body-authentication.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/0598-body-authentication.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/85c3-body-authentication.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/0598-metadata-authentication.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/85c3-metadata-authentication.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/0598-metadata-authentication.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/Management/UpdateStatus/cluster-scoped-resources/config.openshift.io/clusteroperators/85c3-metadata-authentication.yaml
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/c5ab-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/fa09-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
similarity index 67%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/c5ab-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/fa09-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml
index b404c90173..53389ca1ed 100644
--- a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/c5ab-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml +++ b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/fa09-body-system-COLON-openshift-COLON-openshift-authenticator-.yaml @@ -6,7 +6,7 @@ metadata: labels: authentication.openshift.io/csr: openshift-authenticator spec: - request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRqQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkx6Q3hKUTRjZ2tubVlqdytSd1Nmb2kwUWt5dktua1UKOEZuUXJJRWxNUE8vUG13eDdva1h5SjhONmNpQkNZaWYrLzkvaTdIN1MzN3BrUkM5YmliRnQvU2dBREFLQmdncQpoa2pPUFFRREFnTkpBREJHQWlFQTJjRXRhbHczWENSMlhkODZGN2tsL2hzWWlKNTZYMlBWcXVnUHA5SGxwWjhDCklRRElxR25WcE5wbXRPMWlYazFJaGhxWlVsbGZ5YmxHS3F6U0VhWWFRTEhRUXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K + request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQkRqQ0J0QUlCQURCU01WQXdUZ1lEVlFRREUwZHplWE4wWlcwNmMyVnlkbWxqWldGalkyOTFiblE2YjNCbApibk5vYVdaMExXOWhkWFJvTFdGd2FYTmxjblpsY2pwdmNHVnVjMmhwWm5RdFlYVjBhR1Z1ZEdsallYUnZjakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQkJYWkx2TEpOb0JrUG1CZmVNdnhjT1psV3lhZjdzUDAKa29Lb2MyeDRvVWhabmhObVNsS283bm5kcWhCVjl0N2kxSVpFNWdycGpyRnZ6U0QvV0xQNmR1NmdBREFLQmdncQpoa2pPUFFRREFnTkpBREJHQWlFQXlSM1h1NFY5alVOa2NkM2N3dGhiUXBOZjFUc1hTYS9YekQ3RkNNUnRxNllDCklRQ0UvYmEvdnNRU1VYN0kza2RNeCtPdVF2QWJsSk1hdEdmbC9VaTdyRUszb2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0K signerName: kubernetes.io/kube-apiserver-client usages: - digital signature 
diff --git a/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/c5ab-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml b/test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/fa09-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
similarity index 100%
rename from test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/c5ab-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml
rename to test-data/apply-configuration/overall/minimal-cluster/expected-output/UserWorkload/Create/cluster-scoped-resources/certificates.k8s.io/certificatesigningrequests/fa09-metadata-system-COLON-openshift-COLON-openshift-authenticator-.yaml