Comments (3)
pmatseykanets
commented on June 29, 2024
Validation Template
What was fixed, or what change has occurred
Orphaned ClusterUserAttributes are now cleaned up by the corresponding controller.
Areas or cases that should be tested
- Create a downstream cluster with ACE enabled
- Create two users and assign them to the downstream cluster
- Log in by both users and download the kubeconfigs
- On the local cluster change the second user's token to point to the first one
- Delete the second user
- Observe that the ClusterUserAttribute for the second user was left on the downstream cluster
- Restart Rancher or trigger clusteruserattribute controller in other way
- Observe that the ClusterUserAttribute for the second user was removed from the downstream cluster
What areas could experience regressions
- Additional strain on ClusterUserAttribute controller as we now always make a read to check if the corresponding UserAttribute object exists whereas previously we did that only when the refresh was needed.
Are the repro steps accurate/minimal?
N/A.
from rancher.
skanakal
commented on June 29, 2024
I am pastin the workaround here... Although a fix for this issue has been developed, it has been targeted to 2.9.next. In the meantime, users encountering this problem can apply the below workaround to resolve it...
What's causing the issue is the orphaned ClusterUserAttribute's on downstream cluster(s)
Customer need to delete those (obviously only the orphaned ones, that the controller is complaining about in the logs).
Checking for offending ClusterUserAttribute's:
KUBECONFIG=<path/to/downstream/kubeconfig> kubectl -n cattle-system get clusteruserattribute <orphaned-clusteruserattribute-name>
thank you @pmatseykanets
from rancher.
joesims22
commented on June 29, 2024
Validated on v2.9-head id 3c48a19. All scenarios in test plan have been executed and passed.
from rancher.
Related Issues (20)
- [BUG] Steve VAI API returns 500 error when filtering secrets by label selectors
- Validate SLE Micro 6 on Rancher
- [BUG] Failed creating new cluster RKE2 HOT 7
- [BUG] Reconciling stuck message when adding a second node HOT 2
- [BUG] CRDs for `rancher-monitoring-crd` helm chart are not updated
- [BUG] RKE2 custom cluster does not successfully provision when setting the CIS profile HOT 1
- [flaky-test] Certificate Rotation HOT 5
- [RFE] vSphere cluster creation failures lead to cruft
- CA check improvements for `system-agent` HOT 2
- CA check improvements for `rancher-agent` HOT 2
- [BUG] CIS scan fails on K3s cluster created using ubuntu 24.04 nodes.
- add a webhook check for the agent-tls-mode setting
- [RFE] Support Creating a Cluster with a Service Account
- [BUG] [2.8] Some members with Github as Auth Provider could not be shown in cluster member list
- [RFE] [rancher-monitoring] Provide an easy solution to enable the Prometheus ingress HOT 2
- [RFE] 1.29 support
- [BUG] Rancher after executing backup in different upgraded cluster goes 503 HOT 1
- [BUG] Waiting for at least one control plane, etcd, and worker node to be registered
- [BUG] rancher monitoring chart lacks Network Policy permission to collect metrics from GUI's ingress-nginx pods
- [BUG] cannot drop the username and password of a private registry in the secret cattle-system/cattle-private-registry in the downstream cluster once it is set on RKE1 downstream cluster HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rancher.