StarlingX

oidc-client doesn't handle helm-overrides while running

Bug #1923662 reported by Jerry Sun
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Jerry Sun

Bug Description

Brief Description
-----------------
oidc-client configuration changes through helm-overrides are not picked up on a running pod. If oidc-auth-apps is applied and config changes are made through helm overrides, oidc-client still uses the old config.

Severity
--------
Major: System/Feature is usable but degraded

Steps to Reproduce
------------------
apply oidc-auth-apps, change oidc-client config through helm overrides, observe the behavior of the oidc-client

Expected Behavior
------------------
new oidc-client config

Actual Behavior
----------------
old oidc-client config

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
Multi-node system

Branch/Pull Time/Commit
-----------------------
Pull 2021-04-13

Last Pass
---------
no

Workaround
----------
remove the application and apply the application.
alternatively, find all the oidc-client pods and delete them to force a pod restart to pick up the new config.

Revision history for this message
Jerry Sun (jerry-sun-u) wrote :

change up for review:
https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/786118

Changed in starlingx:
assignee: nobody → Jerry Sun (jerry-sun-u)
status: New → In Progress
Revision history for this message
Ghada Khalil (gkhalil) wrote :

stx.5.0 / medium - would be nice to fix, but given there is a workaround, this is not considered high severity.

tags: added: stx.apps
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.5.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oidc-auth-armada-app (master)

Reviewed: https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/786118
Committed: https://opendev.org/starlingx/oidc-auth-armada-app/commit/4b899cefd89963bc09a9e3ac32828421f1381944
Submitter: "Zuul (22348)"
Branch: master

commit 4b899cefd89963bc09a9e3ac32828421f1381944
Author: Jerry Sun <email address hidden>
Date: Tue Apr 13 16:09:43 2021 -0400

    oidc-client pod does not properly pick up new config

    A config update through helm overrides to oidc-client gets properly
    passed to the pod, however, the pod does not restart to pick up the
    new config. This commit adds annotations to the oidc-client pod to
    track config changes and trigger a pod restart through kubernetes if
    the config changes. This is only relevant to pods already deployed on
    an applied application. Helm overrides are correctly applied if they
    are changed first, then the application applied.

    Change-Id: I3d9f48038305283a836827fcebcc2b4e95921147
    Closes-Bug: 1923662
    Signed-off-by: Jerry Sun <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Revision history for this message
Ghada Khalil (gkhalil) wrote :

Confirmed that this fix was picked up in the r/stx.5.0 release branch
https://review.opendev.org/plugins/gitiles/starlingx/oidc-auth-armada-app/+log/refs/heads/r/stx.5.0/

Bill Zvonar (billzvonar)
tags: added: in-r-stx50
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.