search

openshift / openshift-ansible

Install and config an OpenShift 3.x cluster
https://try.openshift.com
Apache License 2.0
2.18k stars 2.31k forks source link

Solution for 3.11.104 upgrade problem (incorrect apiserver readiness probe URL) #11696

Closed rearden-steel closed 4 years ago

rearden-steel commented 5 years ago

Description

Seems that this commit (https://github.com/openshift/openshift-ansible/commit/0e8ca95cdc90fc99d493f82391bdf268e269d455) breaks apiserver and controller-manager deployments because /healthz/ready URL returns 404.

sh-4.2# curl -k -v https://localhost:6443/healthz/ready
* About to connect() to localhost port 6443 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 6443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=apiserver.kube-service-catalog
*       start date: Jun 13 16:31:31 2019 GMT
*       expire date: Jun 12 16:31:32 2021 GMT
*       common name: apiserver.kube-service-catalog
*       issuer: CN=service-catalog-signer
> GET /healthz/ready HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:6443
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Content-Type: application/json
< Date: Fri, 14 Jun 2019 17:09:37 GMT
< Content-Length: 399
<
{
  "paths": [
    "/apis",
    "/apis/servicecatalog.k8s.io",
    "/apis/servicecatalog.k8s.io/v1beta1",
    "/apis/settings.servicecatalog.k8s.io",
    "/healthz",
    "/healthz/etcd",
    "/healthz/ping",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/start-service-catalog-apiserver-informers",
    "/metrics",
    "/swaggerapi",
    "/version"
  ]
* Connection #0 to host localhost left intact

sh-4.2# curl -k -v https://localhost:6443/healthz
* About to connect() to localhost port 6443 (#0)
*   Trying ::1...
* Connected to localhost (::1) port 6443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate not found (nickname not specified)
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
*       subject: CN=apiserver.kube-service-catalog
*       start date: Jun 13 16:31:31 2019 GMT
*       expire date: Jun 12 16:31:32 2021 GMT
*       common name: apiserver.kube-service-catalog
*       issuer: CN=service-catalog-signer
> GET /healthz HTTP/1.1
> User-Agent: curl/7.29.0
> Host: localhost:6443
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Fri, 14 Jun 2019 17:10:16 GMT
< Content-Length: 2
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host localhost left intact
Version
openshift-ansible-3.11.104-1.git.0.379a011.el7.noarch
Expected Results

Use /healthz URL for both probes?

openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 4 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten /remove-lifecycle stale

openshift-bot commented 4 years ago

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen. Mark the issue as fresh by commenting /remove-lifecycle rotten. Exclude this issue from closing again by commenting /lifecycle frozen.

/close

openshift-ci-robot commented 4 years ago

@openshift-bot: Closing this issue.

In response to [this](https://github.com/openshift/openshift-ansible/issues/11696#issuecomment-667324363): >Rotten issues close after 30d of inactivity. > >Reopen the issue by commenting `/reopen`. >Mark the issue as fresh by commenting `/remove-lifecycle rotten`. >Exclude this issue from closing again by commenting `/lifecycle frozen`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.