Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CSI controller crashes in deployments using current templates #2331

Closed
laozc opened this issue Sep 7, 2023 · 8 comments · Fixed by #2364
Closed

CSI controller crashes in deployments using current templates #2331

laozc opened this issue Sep 7, 2023 · 8 comments · Fixed by #2364
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@laozc
Copy link
Member

laozc commented Sep 7, 2023

/kind bug

What steps did you take and what happened:
CSI plugin needs insecure-flag to be set without trusted CA even when the thumbprint is provided.
The templates in the CAPV source does not contain this flag.

What did you expect to happen:

Anything else you would like to add:
CAPV does not require the insecure flag when the thumbprint is provided.
This should be aligned in the future to avoid customer confusion.

Environment:

  • Cluster-api-provider-vsphere version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 7, 2023
@sbueringer
Copy link
Member

Hm that's not great.

@chrischdi Didn't we use our normal templates for our tests with that combination of config?

@laozc laozc changed the title insecure-flag is not set in templates CSI plugin insecure-flag is not set in templates Sep 7, 2023
@chrischdi
Copy link
Member

I thought we do not need the insecure flag when there is a thumbprint: https://github.com/kubernetes-sigs/cluster-api-provider-vsphere/blob/main/templates/cluster-template.yaml#L451

This was actually introduced to be like that in #1819 .

@sbueringer
Copy link
Member

I think we also used this cluster-template like this for our CAPI scale test where we setup a CAPV cluster?
(I'm not exactly sure if we validated the whole thing including that CSI is up/working)

@laozc
Copy link
Member Author

laozc commented Sep 8, 2023

We may grab the config from the cluster to double check.
The image in my provisioned cluster is gcr.io/cloud-provider-vsphere/csi/release/driver:v2.1.0 and it keeps crashing without the flag.

@chrischdi
Copy link
Member

I think I did see the same issue while running locally yesterday (did not have time though to invest).

Wondering how the conformance tests work (or if they test pvc's).

@sbueringer
Copy link
Member

Probably don't test PVC's because they can't assume a CSI is deployed

@sbueringer
Copy link
Member

Maybe the old CSI driver version could explain it? IIRC current version is 3 something? I think we should upgrade that in any case and maybe that also solves the problem?

@laozc
Copy link
Member Author

laozc commented Sep 18, 2023

Tried to bump the CSI driver to latest 3.1.0 and it solved the issue.

@laozc laozc changed the title CSI plugin insecure-flag is not set in templates CSI controller crashes in deployments using current templates Sep 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants