[kuryr-controller] Kuryr deploys Octavia Listeners in disabled state
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kuryr-kubernetes |
Fix Released
|
Undecided
|
Maysa de Macedo Souza |
Bug Description
Hello,
Some octavia listeners are in disabled state after fresh openshift cluster deployment. As a result, cluster doesn't work properly:
~~~
(openstack) [builder@
18
~~~
Looks like this change introduced some instabillity:
https:/
As a workaround I have enabled the listeners by openstack utility:
~~~
(openstack) [builder@
~~~
I have enabled the body logging on the Octavia side. The body is a $request_body from Kuryr controller. During the deployment Kuryr disables the Octavia listeners for some reason:
~~~
> grep 6a6ac363-
[15/Apr/
[15/Apr/
[15/Apr/
~~~
> o loadbalancer listener show 6a6ac363-
+------
| Field | Value |
+------
| admin_state_up | True |
| connection_limit | -1 |
| created_at | 2020-04-15T10:23:32 |
| default_pool_id | f44dc6b3-
| default_
| description | |
| id | 6a6ac363-
| insert_headers | None |
| l7policies | |
| loadbalancers | 5fde6ab6-
| name | openshift-
| operating_status | ONLINE |
| project_id | 1d1d08dc2a45454
| protocol | TCP |
| protocol_port | 9091 |
| provisioning_status | ACTIVE |
| sni_container_refs | [] |
| timeout_client_data | 50000 |
| timeout_
| timeout_member_data | 50000 |
| timeout_tcp_inspect | 0 |
| updated_at | 2020-04-15T10:24:37 |
| client_
| client_
| client_
| allowed_cidrs | None |
+------
Changed in kuryr-kubernetes: | |
assignee: | nobody → Maysa de Macedo Souza (maysa) |
status: | New → In Progress |
Reviewed: https:/ /review. opendev. org/720817 /git.openstack. org/cgit/ openstack/ kuryr-kubernete s/commit/ ?id=20f7d24ed1c 6b909a1996a6be4 7a2cb721600570
Committed: https:/
Submitter: Zuul
Branch: master
commit 20f7d24ed1c6b90 9a1996a6be47a2c b721600570
Author: Maysa Macedo <email address hidden>
Date: Fri Apr 17 18:55:04 2020 +0000
Ensure LB state annotation sg matches the SG on the LB
As soon as the service is created it's possible that the backend pods
are not yet created resulting in an lbaas_spec annotation with no
security groups defined, and so security group rules can turn out
to be removed from the load balancer sg. This commit ensures the
lbaas_state annotation contains the updated sgs.
Closes-bug: 1872962 6534ad9c1dff18b 4564624d35d
Change-Id: I296d16a627e39e