Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1691046 - masterClientConnectionOverrides set in node-config.yaml is ignored.
Summary: masterClientConnectionOverrides set in node-config.yaml is ignored.
Keywords:
Status: NEW
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 3.11.z
Assignee: Seth Jennings
QA Contact: Weinan Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-20 17:37 UTC by Ryan Howe
Modified: 2019-04-10 03:33 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:


Attachments (Terms of Use)

Description Ryan Howe 2019-03-20 17:37:35 UTC
Description of problem:

Installer configures the following in the node-config.yaml

```
masterClientConnectionOverrides:
  acceptContentTypes: application/vnd.kubernetes.protobuf,application/json
  burst: 40
  contentType: application/vnd.kubernetes.protobuf
  qps: 20
```

 https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_node_group/templates/node-config.yaml.j2#L59-L63

Yet I do not see these getting passed to the kubelet. 

3.9 example log: 

[start_node.go:535] kubelet [--address=0.0.0.0 --allow-privileged=true --anonymous-auth=true --authentication-token-webhook=true --authentication-token-webhook-cache-ttl=5m --authorization-mode=Webhook --authorization-webhook-cache-authorized-ttl=5m --authorization-webhook-cache-unauthorized-ttl=5m --cadvisor-port=0 --cgroup-driver=systemd --client-ca-file=/etc/origin/node/ca.crt --cluster-dns=10.10.92.202 --cluster-domain=cluster.local --container-runtime-endpoint=/var/run/dockershim.sock --containerized=false --experimental-dockershim-root-directory=/var/lib/dockershim --file-check-frequency=0s --healthz-bind-address= --healthz-port=0 --host-ipc-sources=api --host-ipc-sources=file --host-network-sources=api --host-network-sources=file --host-pid-sources=api --host-pid-sources=file --hostname-override=master-0.sharedocp39.lab.rdu2.cee.redhat.com --http-check-frequency=0s --image-service-endpoint=/var/run/dockershim.sock --iptables-masquerade-bit=0 --kubeconfig=/etc/origin/node/system:node:master.test.com.kubeconfig --max-pods=250 --network-plugin=cni --node-ip= --pod-infra-container-image=openshift3/ose-pod:v3.9.71 --pod-manifest-path= --pods-per-core=10 --port=10250 --read-only-port=0 --register-node=true --require-kubeconfig=true --root-dir=/var/lib/origin/openshift.local.volumes --tls-cert-file=/etc/origin/node/server.crt --tls-cipher-suites=<REMOVED> --tls-min-version=VersionTLS12 --tls-private-key-file=/etc/origin/node/server.key]


Looks like we should be able to set it:
https://github.com/openshift/origin/blob/release-3.9/pkg/cmd/server/apis/config/types.go#L190
https://github.com/openshift/origin/blob/release-3.11/pkg/cmd/server/apis/config/types.go#L165

But the option is never passed to kubelet: 
https://github.com/openshift/origin/blob/release-3.9/pkg/cmd/server/kubernetes/node/options/options.go#L20
https://github.com/openshift/origin/blob/release-3.11/pkg/cmd/server/kubernetes/node/options/options.go#L20



Workaround current set values under kubeletArguments node-config.yaml 
---
kubeletArguments:
  kube-api-qps:
  - "50"
  kube-api-burst:
  - "100
---

[start_node.go:535] kubelet [--address=0.0.0.0 --allow-privileged=true --anonymous-auth=true --authentication-token-webhook=true --authentication-token-webhook-cache-ttl=5m --authorization-mode=Webhook --authorization-webhook-cache-authorized-ttl=5m --authorization-webhook-cache-unauthorized-ttl=5m --cadvisor-port=0 --cgroup-driver=systemd --client-ca-file=/etc/origin/node/ca.crt --cluster-dns=10.10.92.202 --cluster-domain=cluster.local --container-runtime-endpoint=/var/run/dockershim.sock --containerized=false --experimental-dockershim-root-directory=/var/lib/dockershim --file-check-frequency=0s --healthz-bind-address= --healthz-port=0 --host-ipc-sources=api --host-ipc-sources=file --host-network-sources=api --host-network-sources=file --host-pid-sources=api --host-pid-sources=file --hostname-override=master-0.sharedocp39.lab.rdu2.cee.redhat.com --http-check-frequency=0s --image-service-endpoint=/var/run/dockershim.sock --iptables-masquerade-bit=0 --kube-api-burst=100 --kube-api-qps=50 --kubeconfig=/etc/origin/node/system:node:master.test.com.kubeconfig --max-pods=250 --network-plugin=cni --node-ip= --pod-infra-container-image=openshift3/ose-pod:v3.9.71 --pod-manifest-path= --pods-per-core=10 --port=10250 --read-only-port=0 --register-node=true --require-kubeconfig=true --root-dir=/var/lib/origin/openshift.local.volumes --tls-cert-file=/etc/origin/node/server.crt --tls-cipher-suites=<REMOVED> --tls-min-version=VersionTLS12 --tls-private-key-file=/etc/origin/node/server.key]


Note You need to log in before you can comment on or make changes to this bug.