Trident: Trident no pudo actualizar a 21.01.0
Describa el error
Apliqué el nuevo bundle.yaml y crd_post1.14 para actualizar a 21.01.0 y obtuve un error en el operador:
time="2021-01-31T10:19:42Z" level=error msg="error syncing 'trident/trident-csi': reconcile failed; error re-installing Trident 'trident' ; err: reconcile failed; unable to create RBAC objects while verifying Trident version; err: could not create the Trident cluster role; could not patch Trident Cluster role; \"\" is invalid: patch:
Invalid value: \"{\\\"apiVersion\\\":\\\"authorization.openshift.io/v1\\\",\\\"kind\\\":\\\"ClusterRole\\\",\\\"metadata\\\":{\\\"creationTimestamp\\\":\\\"2021-01-31T10:17:12Z\\\",\\\"labels\\\":{\\\"app\\\":\\\"controller.csi.trident.netapp.io\\\",\\\"k8s_version\\\":\\\"v1.19.0\\\"},\\\"managedFields\\\":[{\\\"apiVersion\\\":\\\"rbac.authorization.k8s.io/v1\\\",\\\"fieldsType\\\":\\\"FieldsV1\\\",\\\"fieldsV1\\\":{\\\"f:metadata\\\":{\\\"f:labels\\\":{\\\".\\\":{},\\\"f:app\\\":{},\\\"f:k8s_version\\\":{}},\\\"f:ownerReferences\\\":{\\\".\\\":{},\\\"k:{\\\\\\\"uid\\\\\\\":\\\\\\\"abf1fe5d-372a-4e84-804a-41bbf94cfba6\\\\\\\"}\\\":{\\\".\\\":{},\\\"f:apiVersion\\\":{},\\\"f:controller\\\":{},\\\"f:kind\\\":{},\\\"f:name\\\":{},\\\"f:uid\\\":{}}}},\\\"f:rules\\\":{}},\\\"manager\\\":\\\"openshift-apiserver\\\",\\\"operation\\\":\\\"Update\\\",\\\"time\\\":\\\"2021-01-31T10:17:12Z\\\"}],\\\"name\\\":\\\"trident-csi\\\",\\\"ownerReferences\\\":[{\\\"apiVersion\\\":\\\"trident.netapp.io/v1\\\",\\\"controller\\\":true,\\\"kind\\\":\\\"TridentOrchestrator\\\",\\\"name\\\":\\\"trident\\\",\\\"uid\\\":\\\"abf1fe5d-372a-4e84-804a-41bbf94cfba6\\\"}],\\\"resourceVersion\\\":\\\"340885946\\\",\\\"selfLink\\\":\\\"/apis/rbac.authorization.k8s.io/v1/clusterroles/trident-csi\\\",\\\"uid\\\":\\\"9f336f34-3551-4aac-9662-c083cc0f915a\\\"},\\\"rules\\\":[{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"namespaces\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"persistentvolumes\\\",\\\"persistentvolumeclaims\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"persistentvolumeclaims/status\\\"],\\\"verbs\\\":[\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"storage.k8s.io\\\"],\\\"resources\\\":[\\\"storageclasses\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"events\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"secrets\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"pods\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"pods/log\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\"]},{\\\"apiGroups\\\":[\\\"\\\"],\\\"resources\\\":[\\\"nodes\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"update\\\"]},{\\\"apiGroups\\\":[\\\"storage.k8s.io\\\"],\\\"resources\\\":[\\\"volumeattachments\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"storage.k8s.io\\\"],\\\"resources\\\":[\\\"volumeattachments/status\\\"],\\\"verbs\\\":[\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"snapshot.storage.k8s.io\\\"],\\\"resources\\\":[\\\"volumesnapshots\\\",\\\"volumesnapshotclasses\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"snapshot.storage.k8s.io\\\"],\\\"resources\\\":[\\\"volumesnapshots/status\\\",\\\"volumesnapshotcontents/status\\\"],\\\"verbs\\\":[\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"snapshot.storage.k8s.io\\\"],\\\"resources\\\":[\\\"volumesnapshotcontents\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"csi.storage.k8s.io\\\"],\\\"resources\\\":[\\\"csidrivers\\\",\\\"csinodeinfos\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"storage.k8s.io\\\"],\\\"resources\\\":[\\\"csidrivers\\\",\\\"csinodes\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"apiextensions.k8s.io\\\"],\\\"resources\\\":[\\\"customresourcedefinitions\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"trident.netapp.io\\\"],\\\"resources\\\":[\\\"tridentversions\\\",\\\"tridentbackends\\\",\\\"tridentstorageclasses\\\",\\\"tridentvolumes\\\",\\\"tridentnodes\\\",\\\"tridenttransactions\\\",\\\"tridentsnapshots\\\"],\\\"verbs\\\":[\\\"get\\\",\\\"list\\\",\\\"watch\\\",\\\"create\\\",\\\"delete\\\",\\\"update\\\",\\\"patch\\\"]},{\\\"apiGroups\\\":[\\\"policy\\\"],\\\"resourceNames\\\":[\\\"tridentpods\\\"],\\\"resources\\\":[\\\"podsecuritypolicies\\\"],\\\"verbs\\\":[\\\"use\\\"]}]}\":
no kind \"ClusterRole\" is registered for version \"authorization.openshift.io/v1\" in scheme \"k8s.io/kubernetes/pkg/api/legacyscheme/scheme.go:30\", requeuing"
Creo que el uso sugerido de rbac ha cambiado en 4.6. https://docs.openshift.com/container-platform/4.6/authentication/using-rbac.html esto debería ser solo una solución rápida de yaml en el clusterRole.
Ambiente
Proporcione información precisa sobre el entorno para ayudarnos a reproducir el problema.
- Versión Tridente: 20.10.0 -> 21.01.0
- Indicadores de instalación de Trident utilizados: [por ejemplo, -d -n trident --use-custom-yaml]
- Tiempo de ejecución del contenedor: [por ejemplo, Docker 19.03.1-CE]
- Versión de Kubernetes: 1.19
- Orquestador de Kubernetes: Openshift 4.6
* Solución sugerida *
Eliminar este caso https://github.com/NetApp/trident/blob/b0d57344c5d1e0179308802764270e765427c5c8/cli/k8s_client/yaml_factory.go#L78 ?
Desde ahora, es de esperar que sea compatible con OpenShift sin una solución personalizada.
uberspot
Todos 3 comentarios
Hola @uberspot
Hemos investigado este problema e identificado que afecta solo a las instalaciones de Red Hat OpenShift Container Platform (OCP) 4.x y se debe a la versión obsoleta de la API "authorization.openshift.io/v1". Estamos trabajando activamente en una revisión 21.01.1 para este problema.
No hay impacto en la instalación de Trident, puede continuar funcionando normalmente, pero impide que Trident Operator administre Trident y realice modificaciones en la instalación de Trident en función de los cambios de TridentOrchestrator CR.
La solución aquí es eliminar el ClusterRole 'trident-csi' y el ClusterRoleBinding 'trident-csi'. Esto desbloquearía temporalmente el operador Trident para que pueda completar la conciliación, realizar los cambios necesarios (según los cambios de TridentOrchestrator CR) y volver a crear ClusterRole y ClusterRoleBinding.
oc delete clusterrole trident-csi
oc delete clusterrolebinding trident-csi
Todos los demás métodos de instalación, incluidas las instalaciones basadas en tridentctl y las instalaciones de Operator/Helm en distribuciones que no son OCP, no se ven afectados. En este momento, le pedimos que, si está utilizando OCP y Trident Operator o Helm, espere hasta que se publique la actualización 21.01.1.
ntap-arorar
en 3 feb. 2021
Hola @uberspot ,
Este problema ahora está solucionado en la versión Trident v21.01.1.
gnarl
en 16 feb. 2021
Se implementó y se confirmó que la solución está funcionando. :)
¡Muchas gracias!
uberspot
en 17 feb. 2021
Temas relacionados
timvandevoort
·
5Comentarios
SuperBaobab
·
3Comentarios
tksm
·
4Comentarios
takuhiro
·
5Comentarios
fmj3fmj3
·
3Comentarios