Comments (11)
Is there a workaround for this? using the openshift-installer from master and apiserver just continues to get restarted.
from cluster-kube-apiserver-operator.
The installer default changed in openshift/installer@c6c9d83 (openshift/installer#712). Ideally operators should be pulling this value from the network config.
from cluster-kube-apiserver-operator.
Example of pulling this from the network config:
$ oc get -o jsonpath="{.spec.serviceNetwork}{'\n'}" networkconfig default
172.30.0.0/16
from cluster-kube-apiserver-operator.
Operators are not manually setting this. Services created by the CVO are getting assigned the 172.x block, and then it looks like we change what the value is. The CVO service for instance has no hardcoded IP and is getting a 172.
from cluster-kube-apiserver-operator.
This is breaking openshift API server on GCP setup:
E1127 13:27:12.158406 1 controller.go:111] loading OpenAPI spec for "v1.image.openshift.io" failed with: failed to retrieve openAPI spec, http error: ResponseCode: 503, Body: service unavailable
E1127 13:27:50.036693 1 available_controller.go:327] v1.template.openshift.io failed with: Get https://172.30.222.191:443: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
# oc get svc -n openshift-apiserver
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
api ClusterIP 172.30.222.191 <none> 443/TCP 47m
# oc get events -n openshift-apiserver
1m 43m 16 api.156afbe83ec48845 Service Warning ClusterIPOutOfRange ipallocator-repair-controller Cluster IP 172.30.222.191 is not within the service CIDR 10.3.0.0/16; please recreate service
52s 42m 16 api.156afbed986f0063 Service Warning ClusterIPOutOfRange ipallocator-repair-controller Cluster IP 172.30.222.191 is not within the service CIDR 10.3.0.0/16; please recreate service
11s 45m 17 api.156afbcd22e6d3bb Service Warning ClusterIPOutOfRange ipallocator-repair-controller Cluster IP 172.30.222.191 is not within the service CIDR 10.3.0.0/16; please recreate service
from cluster-kube-apiserver-operator.
I believe this is also due to a race between our config observers seeing a valid and updated config and the operator installing phase 2 pods blindly to the master. We have to make sure that the config is valid and complete before an install is tried.
Working on this.
from cluster-kube-apiserver-operator.
Fixed in #146
from cluster-kube-apiserver-operator.
api
service is now correct, but cm/deployment-kube-apiserver-config
still has "servicesSubnet":"10.3.0.0/16"
from cluster-kube-apiserver-operator.
Also interested in a workaround!
from cluster-kube-apiserver-operator.
@vrutkovs you reopened this. Is this still a problem? (I checked in a local cluster and all services had correct IPs). If not, please close.
from cluster-kube-apiserver-operator.
Fixed by #147, servicesSubnet
is correct and no services are created with 10.3....
from cluster-kube-apiserver-operator.
Related Issues (20)
- [Audit log policy profiles] Could you add a profile or other mechanism to disable audit logging HOT 12
- Enable Kubernetes FeatureGate flags HOT 4
- aggregator-client-signer got inconsistent cert validity period HOT 4
- Allow runtime/default seccomp profile in the built-in SCCs HOT 9
- More details required for the error message. HOT 4
- kube-apiserver rollout too long HOT 5
- kube-apiserver has too much error installer pod HOT 4
- observedconfig of kubeapiserver operator HOT 4
- Skip generate cert when network config status.serviceNetwork is nil HOT 5
- Access to a privileged container allows for breakout to the underlying host HOT 4
- StorageVersionMigration about flowcontrol.apiserver.k8s.io should be deleted HOT 2
- regenerate-certificates has too many CA's in csr-signer HOT 4
- How to update kube apiserver to point to a new file HOT 6
- The kube-apiserver pods can't resolve internal cluster DNS names. HOT 1
- How to change event-ttl of API Server HOT 2
- Use ServiceAccountToken volumes HOT 5
- you'll need metrics eventually. HOT 4
- outage calculation in upgrade looks incorrect. See HOT 4
- add TCP connection status label HOT 4
- kube-apiserver-cert-regeneration-controller in weird state HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cluster-kube-apiserver-operator.