Bug 1781707: openshift-sdn, CNO: handle new kubeconfig path

[squeed]

We pull the apiserver url from the kubelet's kubeconfig. This has changed, and can be found in one of two places. Check them both.

Ultimately we need to generate this in a more sustainable way, but this is a good workaround (and easily backportable).

[openshift-ci-robot]

@squeed: An error was encountered adding this pull request to the external tracker bugs for bug 1781707 on the Bugzilla server at https://bugzilla.redhat.com:

JSONRPC error 100500: Insecure dependency in parameter 3 of DBI::db=HASH(0x55b6fb1ab018)->do method call while running with -T switch at /loader/0x55b6f4cee870/Bugzilla/Extension/ExternalBugs/Bug.pm line 327.
at /loader/0x55b6f4cee870/Bugzilla/Extension/ExternalBugs/Bug.pm line 327.
Bugzilla::Extension::ExternalBugs::Bug::update_ext_info('Bugzilla::Extension::ExternalBugs::Bug=HASH(0x55b6fb421540)', 1) called at /loader/0x55b6f4cee870/Bugzilla/Extension/ExternalBugs/Bug.pm line 121
Bugzilla::Extension::ExternalBugs::Bug::create('Bugzilla::Extension::ExternalBugs::Bug', 'HASH(0x55b6fb3f3568)') called at /var/www/html/bugzilla/extensions/ExternalBugs/Extension.pm line 858
Bugzilla::Extension::ExternalBugs::bug_start_of_update('Bugzilla::Extension::ExternalBugs=HASH(0x55b6fb207600)', 'HASH(0x55b6fb3a1400)') called at /var/www/html/bugzilla/Bugzilla/Hook.pm line 21
Bugzilla::Hook::process('bug_start_of_update', 'HASH(0x55b6fb3a1400)') called at /var/www/html/bugzilla/Bugzilla/Bug.pm line 1170
Bugzilla::Bug::update('Bugzilla::Bug=HASH(0x55b6fb3a0058)') called at /loader/0x55b6f4cee870/Bugzilla/Extension/ExternalBugs/WebService.pm line 80
Bugzilla::Extension::ExternalBugs::WebService::add_external_bug('Bugzilla::WebService::Server::JSONRPC::Bugzilla::Extension::E...', 'HASH(0x55b6fb0ad910)') called at (eval 1985) line 1
eval ' $procedure->{code}->($self, @params)
;' called at /usr/share/perl5/vendor_perl/JSON/RPC/Legacy/Server.pm line 220
JSON::RPC::Legacy::Server::_handle('Bugzilla::WebService::Server::JSONRPC::Bugzilla::Extension::E...', 'HASH(0x55b6fb0c14f0)') called at /var/www/html/bugzilla/Bugzilla/WebService/Server/JSONRPC.pm line 295
Bugzilla::WebService::Server::JSONRPC::_handle('Bugzilla::WebService::Server::JSONRPC::Bugzilla::Extension::E...', 'HASH(0x55b6fb0c14f0)') called at /usr/share/perl5/vendor_perl/JSON/RPC/Legacy/Server.pm line 126
JSON::RPC::Legacy::Server::handle('Bugzilla::WebService::Server::JSONRPC::Bugzilla::Extension::E...') called at /var/www/html/bugzilla/Bugzilla/WebService/Server/JSONRPC.pm line 70
Bugzilla::WebService::Server::JSONRPC::handle('Bugzilla::WebService::Server::JSONRPC::Bugzilla::Extension::E...') called at /var/www/html/bugzilla/jsonrpc.cgi line 31
ModPerl::ROOT::Bugzilla::ModPerl::ResponseHandler::var_www_html_bugzilla_jsonrpc_2ecgi::handler('Apache2::RequestRec=SCALAR(0x55b6fb23c358)') called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 207
eval {...} called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 207
ModPerl::RegistryCooker::run('Bugzilla::ModPerl::ResponseHandler=HASH(0x55b6fb21d800)') called at /usr/lib64/perl5/vendor_perl/ModPerl/RegistryCooker.pm line 173
ModPerl::RegistryCooker::default_handler('Bugzilla::ModPerl::ResponseHandler=HASH(0x55b6fb21d800)') called at /usr/lib64/perl5/vendor_perl/ModPerl/Registry.pm line 32
ModPerl::Registry::handler('Bugzilla::ModPerl::ResponseHandler', 'Apache2::RequestRec=SCALAR(0x55b6fb23c358)') called at /var/www/html/bugzilla/mod_perl.pl line 139
Bugzilla::ModPerl::ResponseHandler::handler('Bugzilla::ModPerl::ResponseHandler', 'Apache2::RequestRec=SCALAR(0x55b6fb23c358)') called at (eval 1985) line 0
eval {...} called at (eval 1985) line 0

Please contact an administrator to resolve this issue, then request a bug refresh with /bugzilla refresh.

In response to this:

Bug 1781707: openshift-sdn, CNO: handle new kubeconfig path

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[juanluisvaladas]

/retest
/lgtm as a long as the location of the apiserver's kubeconfig doesn't change very often.
In the long run we probably want to have a standard for every component managed by the cluster operator.

[juanluisvaladas]

/lgtm

[juanluisvaladas]

I'm not very fond of having this defined in multiple places, but gets the job done.

[danwinship]

Have you discussed this with whatever team moved the file so they know we're depending on it?

[danwinship]

also maybe a good excuse to switch sdn to using KUBERNETES_SERVICE_HOST/KUBERNETES_SERVICE_PORT overrides? We ought to be able to just set those variables and then stop passing --url-only-kubeconfig, right?

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[squeed]

/hold cancel
/retest

[squeed]

Bah:
open /var/lib/kubelet/kubeconfig: permission denied

[squeed]

weird, failed with no artifacts. either fluke or we really nuked the cluster.
/test e2e-gcp-upgrade

[squeed]

OK, now I'm really confused: the CNO is privileged and yet it's still getting permission denied.

[danwinship]

selinux

[squeed]

selinux

Yup, but privileged: true should be sufficient. Bah.

[squeed]

Well, that's never going to pass. Looking at the manifests, the kubeconfig we expect should continue to exist on the masters. So, we can just get it from the CNO to fix the immediate in-the-wild bug.

So, undo the changes to the CNO, but still stop the SDN from reading kubeconfig.

[squeed]

gcp took a nap
/retest

[squeed]

filed SDN-740 to stop reading the kubeconfig.

[squeed]

still more gcp oddities
/retest

[pecameron]

/lgtm

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: juanluisvaladas, pecameron, squeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [squeed]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-ci-robot]

@squeed: All pull requests linked via external trackers have merged. Bugzilla bug 1781707 has been moved to the MODIFIED state.

In response to this:

Bug 1781707: openshift-sdn, CNO: handle new kubeconfig path

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[juanluisvaladas]

/cherrypick release-4.3

[openshift-cherrypick-robot]

@juanluisvaladas: new pull request created: #429

In response to this:

/cherrypick release-4.3

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[squeed]

Let's pick this to 4.2 too.

[juanluisvaladas]

Before merging? OK
/cherrypick release-4.2

[openshift-cherrypick-robot]

@juanluisvaladas: #420 failed to apply on top of branch "release-4.2":

error: Failed to merge in the changes.
Using index info to reconstruct a base tree...
M	bindata/network/openshift-sdn/controller.yaml
M	bindata/network/openshift-sdn/sdn.yaml
Falling back to patching base and 3-way merge...
Auto-merging bindata/network/openshift-sdn/sdn.yaml
CONFLICT (content): Merge conflict in bindata/network/openshift-sdn/sdn.yaml
Auto-merging bindata/network/openshift-sdn/controller.yaml
Patch failed at 0001 sdn: Get apiserver URL from CNO, not from kubeconfig

In response to this:

Before merging? OK
/cherrypick release-4.2

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.