[BUG] OT-CONTAINER-KIT/redis-operator: applying non-existing certificate of TLS to Redis is not rejected by the operator #378

Open
songlkkevin opened this issue Apr 2, 2024 · 0 comments

What happened?

Why did Acto raise this alarm?

It's a misoperation, and we can find this message in the alarm file: `statefulset: test-cluster-follower replicas [3] ready_replicas [2], test-cluster-leader replicas [3] ready_replicas [2], pod: test-cluster-follower-2, test-cluster-leader-2`

What happened in the state transition?

  1. Deploy a simple Redis cluster using the following YAML file:

```yaml
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisCluster
metadata:
  name: test-cluster
spec:
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis:v6.2.5
    imagePullPolicy: IfNotPresent
    resources:
      limits:
        cpu: 101m
        memory: 128Mi
      requests:
        cpu: 101m
        memory: 128Mi
  redisExporter:
    enabled: true
    image: quay.io/opstree/redis-exporter:1.0
    imagePullPolicy: IfNotPresent
    resources:
      limits:
        cpu: 100m
        memory: 128Mi
      requests:
        cpu: 100m
        memory: 128Mi
  storage:
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
```

  2. Add a certificate to Redis by applying the following YAML file:

```yaml
apiVersion: redis.redis.opstreelabs.in/v1beta1
kind: RedisCluster
metadata:
  name: test-cluster
spec:
  TLS:
    secret:
      secretName: ACTOKEY
  clusterSize: 3
  kubernetesConfig:
    image: quay.io/opstree/redis:v6.2.5
    imagePullPolicy: IfNotPresent
    resources:
      limits:
        cpu: 101m
        memory: 128Mi
      requests:
        cpu: 101m
        memory: 128Mi
  redisExporter:
    enabled: true
    image: quay.io/opstree/redis-exporter:1.0
    imagePullPolicy: IfNotPresent
    resources:
      limits:
        cpu: 100m
        memory: 128Mi
      requests:
        cpu: 100m
        memory: 128Mi
  storage:
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
```

We can find an error event issued by the Pod with the message: `MountVolume.SetUp failed for volume "tls-certs" : secret "ACTOKEY" not found`

What did you expect to happen?

The operator needs to reject this erroneous desired state.

Root Cause

The root cause is that the desired TLS.secret.secretName cannot be satisfied in the current cluster state. The redis-operator fails to reject the erroneous desired state and updates the Redis cluster with the unsatisfiable TLS.secret.secretName rule, causing the cluster to lose one replica.
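
A sketch of the kind of check the issue asks for, added here as an example and not taken from redis-operator: before updating the StatefulSets, reject a `TLS.secret.secretName` that can never exist (Kubernetes Secret names must be lowercase DNS-1123 subdomains, so `ACTOKEY` fails on syntax alone) or that is absent from the namespace. The types, the `SecretLookup` interface, `ValidateTLS`, and the in-memory `fakeSecrets` state are hypothetical and constructed for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"regexp"
)

// Hypothetical minimal types (only fields from the issue's manifest) and an assumed lookup seam.
type TLSConfig struct{ SecretName string }
type RedisClusterSpec struct{ TLS *TLSConfig }
type SecretLookup interface {
	SecretExists(ctx context.Context, namespace, name string) (bool, error)
}

var (
	ErrInvalidSecretName = errors.New("TLS secret name is not a valid DNS-1123 subdomain")
	ErrSecretNotFound    = errors.New("TLS secret not found")
	dns1123              = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
	cluster              = fakeSecrets{"default/redis-tls": true} // constructed sample state
)

// ValidateTLS rejects a TLS secret name that can never exist (invalid object name) or is absent.
func ValidateTLS(ctx context.Context, s SecretLookup, ns string, spec RedisClusterSpec) error {
	if spec.TLS == nil {
		return nil // TLS not requested, nothing to check
	}
	name := spec.TLS.SecretName
	if name == "" || len(name) > 253 || !dns1123.MatchString(name) {
		return fmt.Errorf("%w: %q", ErrInvalidSecretName, name)
	}
	switch found, err := s.SecretExists(ctx, ns, name); {
	case err != nil:
		return fmt.Errorf("looking up secret %s/%s: %w", ns, name, err) // fail closed
	case !found:
		return fmt.Errorf("%w: %s/%s", ErrSecretNotFound, ns, name)
	}
	return nil
}

type fakeSecrets map[string]bool // constructed in-memory stand-in for the cluster's Secrets
func (f fakeSecrets) SecretExists(_ context.Context, ns, name string) (bool, error) { return f[ns+"/"+name], nil }

func main() {
	for _, n := range []string{"ACTOKEY", "missing-tls", "redis-tls"} {
		spec := RedisClusterSpec{TLS: &TLSConfig{SecretName: n}}
		fmt.Printf("%-11s -> %v\n", n, ValidateTLS(context.Background(), cluster, "default", spec))
	}
}
```

Because the existence check depends on cluster state, it fits a reconcile-time or validating-webhook check; the name-syntax check needs no lookup at all.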
