Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

keystone-auth webhook causes failure in Magnum clusters #301

Open
waipeng opened this issue Apr 8, 2024 · 0 comments
Open

keystone-auth webhook causes failure in Magnum clusters #301

waipeng opened this issue Apr 8, 2024 · 0 comments

Comments

@waipeng
Copy link

waipeng commented Apr 8, 2024
edited
Loading

While testing out new versions of this chart, I found that #91 may have broken how Magnum uses this chart via the magnum-capi-helm driver. Using mostly defaults for the cluster template, creating a Magnum cluster using the latest driver code and v0.5.0 of this chart results in a cluster that cannot complete creating. Further investigations shows:

root@jake-7g23skeiu6mk-control-plane-d304fe4f-c2dtm:~# kubectl get clusterrolebindings cluster-admin
Error from server (InternalError): an error on the server ("Internal Server Error: \"/apis/rbac.authorization.k8s.io/v1/clusterrolebindings/cluster-admin\": Post \"https://127.0.0.1:8443/webhook?timeout=30s\": dial tcp 127.0.0.1:8443: connect: connection refused") has prevented the request from succeeding (get clusterrolebindings.rbac.authorization.k8s.io cluster-admin)

The URL https://127.0.0.1:8443 is the defaults from stackhpc@2bfe594#diff-69445aa57c2a517f040e86a387853612efaacca40edb3ba2988de35a859dcf38R399

This happened because magnum-capi-helm driver defaults keystone-auth to True [1]. Perhaps more testing needs to be done between magnum-capi-helm driver and this?

[1] https://github.com/stackhpc/magnum-capi-helm/blob/v0.12.0/magnum_capi_helm/driver.py#L587
openstack-mirroring referenced this issue in openstack/magnum-capi-helm Apr 17, 2024
@waipeng
Disable keystone-auth by default
8f802d0 
A recent commit in capi-helm-charts[1] added support for keystone-auth.
However, the feature is not working yet and now kubeadm fails to init
the cluster.

Disable keystone-auth by default for now, until the feature is fixed in
the charts.

[1] https://github.com/stackhpc/capi-helm-charts/pull/91
[2] https://github.com/stackhpc/capi-helm-charts/issues/301

Change-Id: Idb603f4e5b57e004453af2460c3d84225cacf6fa
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@waipeng