Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent seed-boostrap to delete Shoot VPA RBAC #2639

Merged
merged 1 commit into from
Jul 30, 2020
Merged

Prevent seed-boostrap to delete Shoot VPA RBAC #2639

merged 1 commit into from
Jul 30, 2020

Conversation

ialidzhikov
Copy link
Member

@ialidzhikov ialidzhikov commented Jul 29, 2020
edited

How to categorize this PR?

/area auto-scaling
/kind bug
/priority normal

What this PR does / why we need it:
Currently for a Shoot cluster which is registered as Seed, the seed controller wrongly deletes VPA RBAC from the cluster when the Shoot hasspec.kubernetes.verticalPodAutoscaler.enabled=true and the corresponding Seed has
spec.settings.verticalPodAutoscaler.enabled=false.
The Shoot cluster SystemComponentsHealthy is constantly flapping (caused by the 2 control loops acting on the same resource - seed controller deleting it and gardener-resource-manager creating it):

    - type: SystemComponentsHealthy
      status: 'False'
      lastTransitionTime: '2020-07-29T11:55:26Z'
      lastUpdateTime: '2020-07-29T11:57:26Z'
      reason: ClusterRoleMissing
      message: 'Required ClusterRole "system:evictioner" in namespace "" is missing.'

This PR adds the cluster type (shoot or seed) as part of the VPA RBAC name and in this way prevents the issue.

Release note:

An issue causing the seed controller to delete VPA RBAC for ShootedSeed is now fixed.

@ialidzhikov
Prevent seed-boostrap to delete Shoot VPA RBAC
e7562b9 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
@ialidzhikov ialidzhikov requested a review from a team as a code owner July 29, 2020 12:03
@gardener-robot gardener-robot added area/auto-scaling Auto-scaling (CA/HPA/VPA/HVPA, predominantly control plane, but also otherwise) related kind/bug Bug priority/normal labels Jul 29, 2020
rfranzke
rfranzke approved these changes Jul 30, 2020
View reviewed changes
Copy link
Member

@rfranzke rfranzke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@rfranzke rfranzke merged commit 9b5798d into gardener:master Jul 30, 2020
@ialidzhikov ialidzhikov deleted the fix/rbac-conflict branch July 30, 2020 10:08
@vpnachev vpnachev mentioned this pull request Jul 31, 2020
Merged
@ialidzhikov ialidzhikov mentioned this pull request Sep 24, 2020
Merged
@gardener-robot gardener-robot added priority/3 Priority (lower number equals higher priority) and removed priority/3 Priority (lower number equals higher priority) labels Mar 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rfranzke rfranzke rfranzke approved these changes

Assignees
No one assigned
Labels
area/auto-scaling Auto-scaling (CA/HPA/VPA/HVPA, predominantly control plane, but also otherwise) related kind/bug Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@ialidzhikov @rfranzke @gardener-robot-ci-2 @gardener-robot