impossible to delete k8s services when octavia is detected
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Kubernetes Control Plane Charm |
Fix Released
|
High
|
George Kraft | ||
Openstack Integrator Charm |
Fix Released
|
High
|
George Kraft |
Bug Description
Hi,
I investigated a k8s service that wouldn't delete today, the "describe" was like this :
https:/
As it turns out, by default, openstack users don't have access to Octavia (at least in Ussuri, which is the openstack version we're using here) :
https:/
I had to add the "load-balancer_
If a k8s service can be created without octavia access, I think one should be able to delete it as well without octavia access.
Thanks
PS : the version of openstack-
App Version Status Scale Charm Channel Rev Exposed Message
openstack-
$ kubectl version
WARNING: This version information is deprecated and will be replaced with the output from kubectl version --short. Use --output=yaml|json to get the full version.
Client Version: version.
Kustomize Version: v4.5.7
Server Version: version.
WARNING: version difference between client (1.25) and server (1.21) exceeds the supported minor version skew of +/-1
Changed in charm-openstack-integrator: | |
status: | Triaged → Confirmed |
Changed in charm-openstack-integrator: | |
importance: | Medium → High |
status: | Confirmed → Triaged |
Changed in charm-kubernetes-master: | |
status: | In Progress → Fix Committed |
Changed in charm-openstack-integrator: | |
status: | In Progress → Fix Committed |
tags: | added: backport-needed |
tags: | removed: backport-needed |
Changed in charm-kubernetes-master: | |
status: | Fix Committed → Fix Released |
Changed in charm-openstack-integrator: | |
status: | Fix Committed → Fix Released |
Interesting. The code that openstack- integrator uses to decide if Octavia should be used or not is in detect_octavia[1], which checks for the presence of octavia in `openstack catalog list`. I'm guessing this does not take into account the roles of the user.
That said, we require Octavia[2], and we require it because the upstream openstack- cloud-controlle r-manager project that we use to manage k8s LoadBalancer services also requires Octavia[3].
I recommend two fixes: integration documentation to list required user roles integrator charm check and verify user roles, and enter Blocked status if required roles are missing
1. Update the openstack-
2. Make the openstack-
[1]: https:/ /github. com/juju- solutions/ charm-openstack -integrator/ blob/91984db617 6c005340429061c 2aef02654b543ad /lib/charms/ layer/openstack .py#L131 /ubuntu. com/kubernetes/ docs/openstack- integration /github. com/kubernetes/ cloud-provider- openstack/ blob/ec0e52924d 107a039524b29e1 9cb11937b37961e /docs/openstack -cloud- controller- manager/ using-openstack -cloud- controller- manager. md
[2]: https:/
[3]: https:/