Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OKE Workload Provider from Service Registry fails when Instance Metadata Service does not exist #9681

Open
Tracked by #9620
klustria opened this issue Jan 23, 2025 · 0 comments
Open
Tracked by #9620

OKE Workload Provider from Service Registry fails when Instance Metadata Service does not exist #9681

klustria opened this issue Jan 23, 2025 · 0 comments
Assignees
@danielkec @klustria
Labels
4.x Version 4.x bug Something isn't working OCI P2

Comments

@klustria
Copy link
Member

klustria commented Jan 23, 2025
edited
Loading

Issue Description:

There are scenarios where in a Kubernetes pod, the Instance Metadata Service (IMDS) does not exist. Because of this OKE Workload Provider will fail if FederationEndpoint is not set. The problem is, currently we don't have a way to pass in FederationEndpoint to the instantiation of OKE Workload Provider.

Environment Details:

Helidon MP : v4.1.x
JDK : 21

Information

The issue is manifested with this log:

2025-01-22 17:26:30.184  [main] WARN  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder - Attempt 1 - Rest call to get region from metadata service failed 
jakarta.ws.rs.ProcessingException: org.apache.http.conn.ConnectTimeoutException: Connect to 169.254.169.254:80 [/169.254.169.254] failed: Connection timed out
	at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:533)
	at org.glassfish.jersey.apache.connector.ApacheConnector.apply(ApacheConnector.java:540)
	at org.glassfish.jersey.client.ClientRuntime.lambda$createRunnableForAsyncProcessing$6(ClientRuntime.java:185)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
...
...
2025-01-22 17:28:43.375  [main] INFO  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder - Exiting retry 2 with wait time: 2117 millis
2025-01-22 17:29:35.996  [SIGTERM handler] DEBUG java.lang.Runtime - Runtime.exit() called with status: 143
java.lang.Throwable: Runtime.exit(143)
	at java.base/java.lang.Shutdown.logRuntimeExit(Shutdown.java:179)
	at java.base/java.lang.Shutdown.exit(Shutdown.java:160)
	at java.base/java.lang.Terminator$1.handle(Terminator.java:51)
	at java.base/jdk.internal.misc.Signal$1.run(Signal.java:218)
	at java.base/java.lang.Thread.run(Thread.java:1583)
2025-01-22 17:29:35.997  [helidon-shutdown-thread] INFO  io.helidon.Main - Shutdown requested by JVM shutting down
2025-01-22 17:29:35.997  [helidon-shutdown-thread] INFO  io.helidon.Main - Shutdown finished

It looks like when federation endpoint is not set and the oke workload provider instantiation mechanism was trying to get the region from the OCI Java SDK APIs and using it to construct the federation endpoint URL. If IMDS does not exist, the above failure will happen.
@klustria klustria self-assigned this Jan 23, 2025
@github-project-automation github-project-automation bot moved this to Triage in Backlog Jan 23, 2025
@klustria klustria added the 4.x Version 4.x label Jan 23, 2025
@klustria klustria added the OCI label Jan 23, 2025
@m0mus m0mus added bug Something isn't working P2 labels Jan 23, 2025
@m0mus m0mus moved this from Triage to Sprint Scope in Backlog Jan 23, 2025
@barchetta barchetta mentioned this issue Jan 30, 2025
Open
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@danielkec danielkec

@klustria klustria

Labels
4.x Version 4.x bug Something isn't working OCI P2
Projects
Backlog
Status: Sprint Scope
Milestone
No milestone
Development

No branches or pull requests
3 participants
@danielkec @m0mus @klustria