Kubernetes Control Plane Charm

removing relation between kubernetes-master:vault-kv and vault:secrets doesn't work properly

Bug #1844103 reported by Seyeong Kim on 2019-09-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Kubernetes Control Plane Charm	Fix Released	Undecided	Cory Johns	Kubernetes Control Plane Charm 1.18

Bug Description

I deployed k8s with vault,

then removed relation between kubernets-master and vault

juju remove-relation kubernetes-master:vault-kv vault:secrets

then i faced error hook failed: "vault-kv-relation-departed"

error inside unit is below [1]

so I analyzed a bit then found that layer.vault-kv.ready is remained.

I removed it and juju resolved kubernetes-master/0 then it went stable status

juju run --unit kubernetes-master/0 -- "charms.reactive clear_flag layer.vault-kv.ready"

I think removing relation is not supported properly.

or I missed something else?

Thanks.

[1] ##########################################################################
2019-09-16 08:40:20 ERROR juju-log vault-kv:19: Hook error: Traceback (most recent call last): File "/var/lib/juju/agents/unit-kubernetes-master-0/.venv/lib/python3.6/site-packages/charms/reactive/__init__.py", line 73, in main bus.dispatch(restricted=restricted_mode) File "/var/lib/juju/agents/unit-kubernetes-master-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 390, in dispatch _invoke(other_handlers) File "/var/lib/juju/agents/unit-kubernetes-master-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 359, in _invoke handler.invoke() File "/var/lib/juju/agents/unit-kubernetes-master-0/.venv/lib/python3.6/site-packages/charms/reactive/bus.py", line 181, in invoke self._action(*args) File "/var/lib/juju/agents/unit-kubernetes-master-0/charm/reactive/kubernetes_master.py", line 2251, in generate_encryption_key app_kv = vault_kv.VaultAppKV() File "lib/charms/layer/vault_kv.py", line 25, in __call__ cls._singleton_instance = super().__call__(*args, **kwargs) File "lib/charms/layer/vault_kv.py", line 96, in __init__ self._path = '{}/kv/app'.format(self._config['secret_backend']) File "lib/charms/layer/vault_kv.py", line 43, in _config _VaultBaseKV._config = get_vault_config() File "lib/charms/layer/vault_kv.py", line 201, in get_vault_config raise VaultNotReady() charms.layer.vault_kv.VaultNotReady

See original description

Tags:

Seyeong Kim (seyeongkim) on 2019-09-16

description:

updated

Revision history for this message

Cory Johns (johnsca) wrote on 2019-09-16:

There is a handler to clear the ready flag [1] but I think there is a timing issue with it due to the fact that other handlers might run between when the connected flag is removed and when that handler would run. I think the solution to this would be to use triggers [2], but we may also need to include the available flag in addition to connected. Also, the interface layer should probably also be migrated to use manage_flags [3] to improve the timing of the connected and available flags themselves, as well.

[1]: https://github.com/juju-solutions/layer-vault-kv/blob/master/reactive/vault_kv.py#L40-L43
[2]: https://charmsreactive.readthedocs.io/en/latest/triggers.html
[3]: https://charmsreactive.readthedocs.io/en/latest/charms.reactive.relations.html#charms.reactive.endpoints.Endpoint.manage_flags

Revision history for this message

Cory Johns (johnsca) wrote on 2019-09-17:

https://github.com/openstack-charmers/charm-interface-vault-kv/pull/7

Changed in charm-kubernetes-master:
status:	New → In Progress
assignee:	nobody → Cory Johns (johnsca)

Tim Van Steenburgh (tvansteenburgh) on 2019-09-18

Changed in charm-kubernetes-master:
status:	In Progress → Fix Committed
milestone:	none → 1.16

Tim Van Steenburgh (tvansteenburgh) on 2019-09-27

Changed in charm-kubernetes-master:
status:	Fix Committed → Fix Released

Revision history for this message

Cory Johns (johnsca) wrote on 2019-10-10:

The interface PR has not been merged yet. Not sure why this got changed to released.

Changed in charm-kubernetes-master:
milestone:	1.16 → 1.16+ck2
status:	Fix Released → Fix Committed
status:	Fix Committed → In Progress

Tim Van Steenburgh (tvansteenburgh) on 2019-10-15

Changed in charm-kubernetes-master:
milestone:	1.16+ck2 → 1.16+ck3

Tim Van Steenburgh (tvansteenburgh) on 2020-01-07

Changed in charm-kubernetes-master:
milestone:	1.16+ck3 → 1.17+ck1

Tim Van Steenburgh (tvansteenburgh) on 2020-01-15

Changed in charm-kubernetes-master:
milestone:	1.17+ck1 → 1.17+ck2

Revision history for this message

George Kraft (cynerva) wrote on 2020-02-27:

We're hitting this in CI. In addition to the open PR against interface-vault-kv, it looks to me like we'll need a PR against layer-vault-kv to fix the race condition on the clear_ready handler.

Tim Van Steenburgh (tvansteenburgh) on 2020-02-28

Changed in charm-kubernetes-master:
milestone:	1.17+ck2 → 1.17+ck3

Revision history for this message

Cory Johns (johnsca) wrote on 2020-03-24:

PR for the layer-vault-kv portion: https://github.com/juju-solutions/layer-vault-kv/pull/9

Tim Van Steenburgh (tvansteenburgh) on 2020-03-24

tags:

added: review-needed

Cory Johns (johnsca) on 2020-04-02

Changed in charm-kubernetes-master:
milestone:	1.17+ck3 → 1.18
status:	In Progress → Fix Committed

Kevin W Monroe (kwmonroe) on 2020-04-02

tags:

removed: review-needed

Tim Van Steenburgh (tvansteenburgh) on 2020-04-15

Changed in charm-kubernetes-master:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.