New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security group isn't deleted after load balancer was deleted from OpenStack (v1.10.8) #69026

Open
piwi91 opened this Issue Sep 25, 2018 · 1 comment

Comments

Projects
None yet
3 participants
@piwi91

piwi91 commented Sep 25, 2018

Is this a BUG REPORT or FEATURE REQUEST?:

/kind bug

What happened:

The security group isn't removed from OpenStack after the Load Balancer was removed from OpenStack. this process is triggered by removing the Load Balancer service from Kubernetes.

What you expected to happen:

I expect that the security group is removed too after the load balancer is removed.

How to reproduce it (as minimally and precisely as possible):

Setup Kubernetes v1.10.8 cluster with OpenStack cloud configured:

[Global]
auth-url=https://identity.openstack.cloudvps.com/v3
username=xxx
password=xxx
region=xxx
tenant-name=xxx
domain-name=Default
[LoadBalancer]
lb-version=v2
subnet-id=xxx
floating-network-id=xxx
lb-method=ROUND_ROBIN
create-monitor=true
monitor-delay=300s
monitor-timeout=30s
monitor-max-retries=3
manage-security-groups=true
[Route]
router-id=xxx

Create a deployment 'hello-world': kubectl create deployment --image crccheck/hello-world hello-world
Create a loadbalancer service 'hello-world': kubectl create service loadbalancer hello-world --tcp=80:8000
Get the external IP from Kubernetes: kubectl get svc and open the hello-world page
Go to OpenStack and see that there is a security group created
Remove the loadbalancer service 'hello-world': kubectl delete svc hello-world
Check that the load balancer is removed but the security group still exists

Anything else we need to know?:

In the source code, I find this line: https://github.com/kubernetes/kubernetes/blob/v1.10.8/pkg/cloudprovider/providers/openstack/openstack_loadbalancer.go#L1508

So, I expect that I should get an error in the controller when the security group couldn't be removed but there isn't.

The log of the controller:

I0925 08:05:48.627547       1 service_controller.go:726] Service has been deleted default/hello-world. Attempting to cleanup load balancer resources
I0925 08:05:48.628062       1 event.go:218] Event(v1.ObjectReference{Kind:"Service", Namespace:"default", Name:"hello-world", UID:"afc8e9d7-c099-11e8-9445-02a46508aee5", APIVersion:"v1", ResourceVersion:"3036559", FieldPath:""}): type
: 'Normal' reason: 'DeletingLoadBalancer' Deleting load balancer
E0925 08:05:51.336694       1 service_controller.go:219] error processing service default/hello-world (will retry): failed to delete loadbalancer: Resource not found
I0925 08:05:51.336873       1 event.go:218] Event(v1.ObjectReference{Kind:"Service", Namespace:"default", Name:"hello-world", UID:"afc8e9d7-c099-11e8-9445-02a46508aee5", APIVersion:"v1", ResourceVersion:"3036559", FieldPath:""}): type
: 'Warning' reason: 'DeletingLoadBalancerFailed' Error deleting load balancer (will retry): failed to delete loadbalancer: Resource not found
I0925 08:05:56.336785       1 service_controller.go:726] Service has been deleted default/hello-world. Attempting to cleanup load balancer resources
I0925 08:05:56.337114       1 event.go:218] Event(v1.ObjectReference{Kind:"Service", Namespace:"default", Name:"hello-world", UID:"afc8e9d7-c099-11e8-9445-02a46508aee5", APIVersion:"v1", ResourceVersion:"3036559", FieldPath:""}): type
: 'Normal' reason: 'DeletingLoadBalancer' Deleting load balancer
I0925 08:05:56.418601       1 event.go:218] Event(v1.ObjectReference{Kind:"Service", Namespace:"default", Name:"hello-world", UID:"afc8e9d7-c099-11e8-9445-02a46508aee5", APIVersion:"v1", ResourceVersion:"3036559", FieldPath:""}): type
: 'Normal' reason: 'DeletedLoadBalancer' Deleted load balancer

Environment:

  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.0", GitCommit:"6e937839ac04a38cac63e6a7a306c5d035fe7b0a", GitTreeState:"clean", BuildDate:"2017-09-28T22:57:57Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"10", GitVersion:"v1.10.8", GitCommit:"7eab6a49736cc7b01869a15f9f05dc5b49efb9fc", GitTreeState:"clean", BuildDate:"2018-09-14T15:54:20Z", GoVersion:"go1.9.3", Compiler:"gc", Platform:"linux/amd64"}

I'm aware of the older client version, this is because our production environment is still v1.8.x because of ealier issues with OpenStack (which are resolved in the latest 1.10.x version).

  • Cloud provider or hardware configuration: OpenStack
  • OS (e.g. from /etc/os-release): CentOS 7
  • Kernel (e.g. uname -a): Linux xxx 3.10.0-862.6.3.el7.x86_64 #1 SMP Tue Jun 26 16:32:21 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
  • Install tools: N/A
  • Others: N/A
@shubheksha

This comment has been minimized.

Show comment
Hide comment
@shubheksha

shubheksha Sep 25, 2018

Contributor

/sig openstack

Contributor

shubheksha commented Sep 25, 2018

/sig openstack

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment