search

kubernetes / cloud-provider-openstack

Apache License 2.0
616 stars 601 forks source link

[octavia-ingress-controller] TLS ingress fails to update member pool #1520

Closed edmv-everis closed 3 years ago

edmv-everis commented 3 years ago

Is this a BUG REPORT or FEATURE REQUEST?: /kind bug

What happened:

When creating an Ingress with TLS, it fails trying to update octavia's LB pool, as in the following message:

INFO [2021-05-03T21:06:43Z] creating pool ingress=default/tls-octavia-ingress lbID=3f72f0d1-7f18-4b00-bef3-9026fd975e93 poolName=1ac29a27decdf846bcd9574e8a8a0142a754b975ec00f1c958a553b98c7993d5 INFO [2021-05-03T21:06:44Z] pool created ingress=default/tls-octavia-ingress lbID=3f72f0d1-7f18-4b00-bef3-9026fd975e93 poolID=a55ea5f5-2d42-427b-9b11-4fc7141ebe47 poolName=1ac29a27decdf846bcd9574e8a8a0142a754b975ec00f1c958a553b98c7993d5 INFO [2021-05-03T21:06:44Z] updating pool members ingress=default/tls-octavia-ingress lbID=3f72f0d1-7f18-4b00-bef3-9026fd975e93 poolID=a55ea5f5-2d42-427b-9b11-4fc7141ebe47 poolName=1ac29a27decdf846bcd9574e8a8a0142a754b975ec00f1c958a553b98c7993d5 E0503 21:06:44.442700 1 controller.go:504] failed to create openstack resources for ingress default/tls-octavia-ingress: failed to update pool members, error: Expected HTTP response code [202] when accessing [PUT http://10.30.23.2:9876/v2.0/lbaas/pools/a55ea5f5-2d42-427b-9b11-4fc7141ebe47/members], but got 409 instead {"faultcode": "Client", "faultstring": "Pool a55ea5f5-2d42-427b-9b11-4fc7141ebe47 is immutable and cannot be updated.", "debuginfo": null}

What you expected to happen:

A TLS ingress successfully created

How to reproduce it:

Follow the steps indicated here: enable TLS encryption

Anything else we need to know?:

Not at the moment.

Environment:

lingxiankong commented 3 years ago

Hi @edmv-everis have you checked the pool information in Octavia?

edmv-everis commented 3 years ago

Anything in particular I should be looking at?

From horizon all I see is that the pool is in Error state and not much else.

lingxiankong commented 3 years ago

Anything in particular I should be looking at?

From horizon all I see is that the pool is in Error state and not much else.

So you need to check you LBaaS. It's expected that octavia-ingress-controller failed to update pool members because the pool is not in operational status.