Fix for kubelet failure on deployment with insecure registries
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Medium
|
Rakshith M R | ||
Bug Description
Brief Description
-----------------
Lab configured with insecure registries did not have the correct
containerd config format, since containerd v1.5 code deprecation
fix x was introduced.
While deploying system with insecure registries, i.e., when the
flag "secure" is set to False in deployment yml. It is observed
that there was critical kubelet failure.
Code changes to be made according to
https:/
Severity
--------
Major: System/Feature is usable but degraded
Steps to Reproduce
------------------
1. Install AIO-SX
Build "2024-06-
VDM updated on master branch (last commit: 51f8985ecb)
Using dm_dir './vdm/
2. After unlocking controller-0, check alarms and use of Kubernetes commands
Expected Behavior
-----------------
No Kubernetes alarms and system working.
Actual Behavior
---------------
Critical kubelet failure on AIO-SX.
Reproducibility
---------------
Reproducible
System Configuration
-------
AIO-SX.
Alarms
-------
[sysadmin@
-------
Alarm Reason Text Entity ID Severity Time Stamp
ID
-------
250.001 controller-0 Configuration is out-of-date. host= major 2024-06-17T
(applied: ede4a670-
target: 33b2eb3c-
200.004 controller-0 experienced a service-affecting host= critical 2024-06-17T
failure. Auto-recovery in progress. Manual controller-0 04:56:53.
Lock and Unlock may be required if auto- 549692
recovery is unsuccessful.
200.006 controller-0 critical 'kubelet' process has host= critical 2024-06-17T
failed and could not be auto-recovered controller-0. 04:56:53.
gracefully. Auto-recovery progression by host process= 525962
reboot is required and in progress. Manual kubelet
Lock and Unlock may be required if auto-
recovery is unsuccessful.
-------
Test Activity
---------------
Developer Testing
| Changed in starlingx: | |
| assignee: | nobody → Rakshith M R (rakshith-mr) |
| Changed in starlingx: | |
| status: | New → In Progress |
| description: | updated |
| description: | updated |
| summary: |
- Critical kubelet failure on AIO-SX installed with VDM + Fix for kubelet failure on deployment with insecure registries |
| OpenStack Infra (hudson-openstack) wrote Fix merged to stx-puppet (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
| Changed in starlingx: | |
| importance: | Undecided → Medium |
| tags: | added: stx.10.0 stx.containers |
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit cb7b963bf364786
Author: rakshith mr <email address hidden>
Date: Mon Jul 8 06:10:40 2024 -0400
Fix for kubelet failure on deployment with insecure registries
Containerd v1.5 code deprecation fix extended for insecure
registries.
While deploying system with insecure registries, i.e., when the
flag "secure" is set to False in deployment yml. It is observed
that there was critical kubelet failure. This is to fix that
issue and code changes made according to
https:/
Test Plan:
PASS: Deploy AIO-SX and verify containerd config file format is
as expected.
PASS: Deploy AIO-SX with insecure registries and verify containerd
config file format is as expected.
PASS: k8s upgrade from 1.27.5 to 1.28.4 in AIO-SX
PASS: Multi-version k8s upgrade from 1.26.1 to 1.28.4 in AIO-SX
PASS: Kubernetes version upgrade from v1.28.4 to v1.29.2 using
Cloud Orchestration Strategy.
PASS: Installing on a subcloud in a DC environment.
Closes-bug: 2072535
Change-Id: If884a6710991dd
Signed-off-by: rakshith mr <email address hidden>