StarlingX

oidc-auth-apps fails to apply in kubernetes version 1.21.3

Bug #1948981 reported by Jerry Sun
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
High
Jerry Sun

Bug Description

Brief Description
-----------------
oidc-auth-apps fails to apply with dex pod logs showing the following: failed to inspect service account token: jwt claim "kubernetes.io/serviceaccount/namespace" not found
This appears to be related to the kubernetes upversioning to 1.21.3, as described here: https://github.com/dexidp/dex/issues/2082#issuecomment-818124478

Severity
--------
Major: System/Feature is usable but degraded

Steps to Reproduce
------------------
Deploy oidc-auth-apps on a load from today

Expected Behavior
------------------
oidc-auth-apps applies successfully

Actual Behavior
----------------
oidc-auth-apps fails to apply

Reproducibility
---------------
100% reproducible

System Configuration
--------------------
multi-node system

Branch/Pull Time/Commit
-----------------------
2021-10-27

Jerry Sun (jerry-sun-u)
Changed in starlingx:
assignee: nobody → Jerry Sun (jerry-sun-u)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to oidc-auth-armada-app (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/815756

Changed in starlingx:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to oidc-auth-armada-app (master)

Reviewed: https://review.opendev.org/c/starlingx/oidc-auth-armada-app/+/815756
Committed: https://opendev.org/starlingx/oidc-auth-armada-app/commit/2576b55249735d30ba7f34a46ab9544e37f91228
Submitter: "Zuul (22348)"
Branch: master

commit 2576b55249735d30ba7f34a46ab9544e37f91228
Author: Jerry Sun <email address hidden>
Date: Wed Oct 27 17:33:47 2021 -0400

    Dex pods fail on kubernetes version 1.21.3

    Dex pod is crashing due to a recent kubernetes upversioning to 1.21.3.
    This causes oidc-auth-apps to fail to apply. This commit implements
    the fix suggested for it upstream:
    https://github.com/dexidp/dex/issues/2082#issuecomment-818124478

    Test Plan:
    PASS: apply oidc-auth-apps on kubernetes version 1.18.1
    PASS: apply oidc-auth-apps on kubernetes version 1.19.13
    PASS: apply oidc-auth-apps on kubernetes version 1.20.9
    PASS: apply oidc-auth-apps on kubernetes version 1.21.3

    Change-Id: Ide9376820647fb46dfd27ea56623dfeefce9f4dd
    Closes-Bug: 1948981
    Signed-off-by: Jerry Sun <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → High
tags: added: stx.6.0 stx.containers
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.