StarlingX

  1. Bug #2058075
  2. Activity log

Activity log for bug #2058075

Date Who What changed Old value New value Message
2024-03-15 22:31:07 João Victor Portal bug added bug
2024-03-15 22:42:41 OpenStack Infra starlingx: status New In Progress
2024-03-20 15:54:00 João Victor Portal description Brief Description ----------------- dex pod (eg oidc-dex-5cdc87d8c9-5z5fs) is not scheduled on controller-0 after network restart. Severity -------- Minor Steps to Reproduce ------------------ Steps to Reproduce 1. Setup any multinode lab (DX/Std/DC with multinode System Controller) with OIDC. 2. Create Ldap user and verify it has got kubectl access after oidc token generation. 3. Restart network on active controller. Expected Behavior ------------------ once the controller is online and available, dex pod should be scheduled on it. ldap user should be able to login to the controller and access k8s after generating new token. Actual Behavior ---------------- dex pod is not scheduled on controller that was n/w reboot. Both dex pods are scheduled on controller-1. (lab has 2 controllers and hence 2 dex pods) No impact on ldap login. User is able to login, generate token and access k8s cli. Reproducibility --------------- Reproducible Executed n/w restart 2 times and observed same behavior. System Configuration -------------------- DX/Std/DC with multinode System Controller Branch/Pull Time/Commit ----------------------- NA. Last Pass --------- NA. Timestamp/Logs -------------- Before network restart: sysadmin@controller-0:~$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-54lwv 1/1 Running 0 15h aefd:206::8e22:765f:6121:eb72 controller-0 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7zmz4 1/1 Running 0 16h aefd:206::8e22:765f:6121:eb4d controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> sysadmin@controller-0:~$ sudo systemctl restart networking sysadmin@controller-0:~$ After controller-0 is online and available [sysadmin@controller-1 ~(keystone_admin)]$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-5z5fs 1/1 Running 0 12m aefd:206::a4ce:fec1:5423:e325 controller-1 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7lk2d 1/1 Running 0 12m aefd:206::8e22:765f:6121:eb5b controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> Test Activity ------------- Feature Testing Workaround ---------- Delete the pod. New pod would be created and scheduled on controller-0. Brief Description ----------------- Dex pod (eg oidc-dex-5cdc87d8c9-5z5fs) is not scheduled on controller-0 after network restart. This happens because the podAntiAffinity rules are not working correctly, allowing the schedule of 2 pods on the same controller. As a consequence, the other controller will have no dex pods. Severity -------- Minor Steps to Reproduce ------------------ Steps to Reproduce 1. Setup any multinode lab (DX/Std/DC with multinode System Controller) with OIDC. 2. Create Ldap user and verify it has got kubectl access after oidc token generation. 3. Restart network on active controller. Expected Behavior ------------------ once the controller is online and available, dex pod should be scheduled on it. ldap user should be able to login to the controller and access k8s after generating new token. Actual Behavior ---------------- dex pod is not scheduled on controller that was n/w reboot. Both dex pods are scheduled on controller-1. (lab has 2 controllers and hence 2 dex pods) No impact on ldap login. User is able to login, generate token and access k8s cli. Reproducibility --------------- Reproducible Executed n/w restart 2 times and observed same behavior. System Configuration -------------------- DX/Std/DC with multinode System Controller Branch/Pull Time/Commit ----------------------- NA. Last Pass --------- NA. Timestamp/Logs -------------- Before network restart: sysadmin@controller-0:~$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-54lwv 1/1 Running 0 15h aefd:206::8e22:765f:6121:eb72 controller-0 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7zmz4 1/1 Running 0 16h aefd:206::8e22:765f:6121:eb4d controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> sysadmin@controller-0:~$ sudo systemctl restart networking sysadmin@controller-0:~$ After controller-0 is online and available [sysadmin@controller-1 ~(keystone_admin)]$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-5z5fs 1/1 Running 0 12m aefd:206::a4ce:fec1:5423:e325 controller-1 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7lk2d 1/1 Running 0 12m aefd:206::8e22:765f:6121:eb5b controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> Test Activity ------------- Feature Testing Workaround ---------- Delete the pod. New pod would be created and scheduled on controller-0.
2024-03-20 15:54:21 João Victor Portal description Brief Description ----------------- Dex pod (eg oidc-dex-5cdc87d8c9-5z5fs) is not scheduled on controller-0 after network restart. This happens because the podAntiAffinity rules are not working correctly, allowing the schedule of 2 pods on the same controller. As a consequence, the other controller will have no dex pods. Severity -------- Minor Steps to Reproduce ------------------ Steps to Reproduce 1. Setup any multinode lab (DX/Std/DC with multinode System Controller) with OIDC. 2. Create Ldap user and verify it has got kubectl access after oidc token generation. 3. Restart network on active controller. Expected Behavior ------------------ once the controller is online and available, dex pod should be scheduled on it. ldap user should be able to login to the controller and access k8s after generating new token. Actual Behavior ---------------- dex pod is not scheduled on controller that was n/w reboot. Both dex pods are scheduled on controller-1. (lab has 2 controllers and hence 2 dex pods) No impact on ldap login. User is able to login, generate token and access k8s cli. Reproducibility --------------- Reproducible Executed n/w restart 2 times and observed same behavior. System Configuration -------------------- DX/Std/DC with multinode System Controller Branch/Pull Time/Commit ----------------------- NA. Last Pass --------- NA. Timestamp/Logs -------------- Before network restart: sysadmin@controller-0:~$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-54lwv 1/1 Running 0 15h aefd:206::8e22:765f:6121:eb72 controller-0 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7zmz4 1/1 Running 0 16h aefd:206::8e22:765f:6121:eb4d controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> sysadmin@controller-0:~$ sudo systemctl restart networking sysadmin@controller-0:~$ After controller-0 is online and available [sysadmin@controller-1 ~(keystone_admin)]$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-5z5fs 1/1 Running 0 12m aefd:206::a4ce:fec1:5423:e325 controller-1 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7lk2d 1/1 Running 0 12m aefd:206::8e22:765f:6121:eb5b controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> Test Activity ------------- Feature Testing Workaround ---------- Delete the pod. New pod would be created and scheduled on controller-0. Brief Description ----------------- Dex pod (eg oidc-dex-5cdc87d8c9-5z5fs) is not scheduled on controller-0 after network restart. This happens because the podAntiAffinity rules are not working correctly, allowing the schedule of 2 dex pods on the same controller. As a consequence, the other controller will have no dex pods. Severity -------- Minor Steps to Reproduce ------------------ Steps to Reproduce 1. Setup any multinode lab (DX/Std/DC with multinode System Controller) with OIDC. 2. Create Ldap user and verify it has got kubectl access after oidc token generation. 3. Restart network on active controller. Expected Behavior ------------------ once the controller is online and available, dex pod should be scheduled on it. ldap user should be able to login to the controller and access k8s after generating new token. Actual Behavior ---------------- dex pod is not scheduled on controller that was n/w reboot. Both dex pods are scheduled on controller-1. (lab has 2 controllers and hence 2 dex pods) No impact on ldap login. User is able to login, generate token and access k8s cli. Reproducibility --------------- Reproducible Executed n/w restart 2 times and observed same behavior. System Configuration -------------------- DX/Std/DC with multinode System Controller Branch/Pull Time/Commit ----------------------- NA. Last Pass --------- NA. Timestamp/Logs -------------- Before network restart: sysadmin@controller-0:~$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-54lwv 1/1 Running 0 15h aefd:206::8e22:765f:6121:eb72 controller-0 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7zmz4 1/1 Running 0 16h aefd:206::8e22:765f:6121:eb4d controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> sysadmin@controller-0:~$ sudo systemctl restart networking sysadmin@controller-0:~$ After controller-0 is online and available [sysadmin@controller-1 ~(keystone_admin)]$ kubectl get pod -A -o wide | grep oidc kube-system oidc-dex-5cdc87d8c9-5z5fs 1/1 Running 0 12m aefd:206::a4ce:fec1:5423:e325 controller-1 <none> <none> kube-system oidc-dex-5cdc87d8c9-pf8xc 1/1 Running 0 15h aefd:206::a4ce:fec1:5423:e328 controller-1 <none> <none> kube-system stx-oidc-client-8485996446-7lk2d 1/1 Running 0 12m aefd:206::8e22:765f:6121:eb5b controller-0 <none> <none> kube-system stx-oidc-client-8485996446-mw4hg 1/1 Running 0 16h aefd:206::a4ce:fec1:5423:e323 controller-1 <none> <none> Test Activity ------------- Feature Testing Workaround ---------- Delete the pod. New pod would be created and scheduled on controller-0.
2024-03-22 13:55:54 OpenStack Infra starlingx: status In Progress Fix Released
2024-03-25 18:54:56 Ghada Khalil starlingx: importance Undecided Low
2024-03-25 18:55:09 Ghada Khalil tags stx.10.0 stx.apps
2024-03-25 18:55:23 Ghada Khalil starlingx: assignee João Victor Portal (jvictorp)